diff --git a/SUMMARY.md b/SUMMARY.md index 8060c92b..0aa40e57 100644 --- a/SUMMARY.md +++ b/SUMMARY.md 
@@ -1745,3 +1745,38 @@ * [Turn on debug mode in OpenLDAP](turn.on.debug.mode.in.openldap.md) # Frequently Asked Questions * [Why append timestamp in maildir path](why.append.timestamp.in.maildir.path.md) +# Install iRedMail +* [Perform silent/unattended iRedMail installation](unattended.iredmail.installation.md) +# How to +* [Completely disable Amavisd + ClamAV + SpamAssassin](0-completely.disable.amavisd.clamav.spamassassin.md) +* [Enable SMTPS service (SMTP over SSL, port 465)](0-enable.smtps.md) +* [Amavisd + SpamAssassin not working, no mail header (X-Spam-*) inserted.](1-amavisd.no.x-spam.headers.md) +* [Disable spam virus scanning for outgoing mails](1-disable.spam.virus.scanning.for.outgoing.mails.md) +* [Quarantining](1-quarantining.md) +* [Allow user to send email without authentication](allow.user.to.send.email.without.authentication.md) +* [Configure Thunderbird as mail client (IMAP, SMTP and global ldap address book)](configure.thunderbird.md) +* [Ignore Trash folder in mailbox quota](ignore.trash.folder.in.quota.md) +* [LDAP: Add an alias domain](ldap.add.alias.domain.md) +* [LDAP: Add a mail alias account](ldap.add.mail.alias.md) +* [LDAP: Add a mail list account](ldap.add.mail.list.md) +* [LDAP: User mail forwarding.](ldap.user.mail.forwarding.md) +* [Monitor incoming and outgoing mails with BCC](monitor.incoming.and.outgoing.mails.with.bcc.md) +* [Pipe incoming email for certain user to external script ](pipe.incoming.email.for.certain.user.to.external.script.md) +* [Force Dovecot to recalculate mailbox quota](recalculate.mailbox.quota.md) +* [SQL: Create an mail alias account with SQL command line](sql.create.mail.alias.md) +* [Store SpamAssassin bayes in SQL](store.spamassassin.bayes.in.sql.md) +# Third-party integrations. 
+* [SOGo: How to install SOGo on CentOS 6 with iRedMail (MySQL backend)](sogo-centos-6-mysql.md) +# Cluster solutions +* [An Ultra-HA, full Mult-Master E-mail cluster with iRedMail, MariaDB, and IPVS ](full.mult-master.iredmail.cluster.with.mariadb.and.ipvs.md) +# Backup, restore and migration +* [Migrate iRedAdmin open source edition to iRedAdmin-Pro](migrate.or.upgrade.iredadmin.md) +* [Migrate old iRedMail server to the latest stable release](migrate.to.new.iredmail.server.md) +* [Password hashes](password.hashes.md) +# Troubleshooting and Debug +* [Turn on debug mode in Amavisd](turn.on.debug.mode.in.amavisd.md) +* [Turn on debug mode in Cluebringer](turn.on.debug.mode.in.cluebringer.md) +* [Turn on debug mode in Dovecot](turn.on.debug.mode.in.dovecot.md) +* [Turn on debug mode in OpenLDAP](turn.on.debug.mode.in.openldap.md) +# Frequently Asked Questions +* [Why append timestamp in maildir path](why.append.timestamp.in.maildir.path.md) diff --git a/convert.sh b/convert.sh index e00206b0..eb2c7e5e 100644 --- a/convert.sh +++ b/convert.sh @@ -12,8 +12,7 @@ # Directory used to store converted html files. PWD="." SOURCE_DIR="${PWD}/src" -#OUTPUT_DIR="${PWD}/html" -OUTPUT_DIR="../web/docs" +OUTPUT_DIR="${PWD}/html" INDEX_MD="${OUTPUT_DIR}/index.md" README_MD="${PWD}/README.md" GITBOOK_MD="${PWD}/SUMMARY.md" @@ -129,3 +128,6 @@ ${CMD_CONVERT} ${INDEX_MD} ${OUTPUT_DIR} title="iRedMail Documentations" # Cleanup rm -f ${INDEX_MD} + +# Copy to local hg repo of http://www.iredmail.org/docs/ +cp -rf html/* ../web/docs/ diff --git a/html/allow.user.to.send.email.without.authentication.html b/html/allow.user.to.send.email.without.authentication.html new file mode 100644 index 00000000..a9119629 --- /dev/null +++ b/html/allow.user.to.send.email.without.authentication.html @@ -0,0 +1,35 @@ + + + + Allow user to send email without authentication + + + + +

Allow user to send email without authentication

+
+ +
+

Create a plain text file: /etc/postfix/accepted_unauth_senders:

+
fax-machine-12@mydomain.tld OK
+
+ +

Use postmap to create hash db file:

+
# postmap hash:/etc/postfix/accepted_unauth_senders
+
+ +

Modify Postfix to use this text file: /etc/postfix/main.cf

+
smtpd_sender_restrictions = 
+    check_sender_access hash:/etc/postfix/accepted_unauth_senders,
+    [...OTHER RESTRICTIONS HERE...]
+
+ +

Restart/reload postfix to make it work:

+
# /etc/init.d/postfix restart
+

If you found something wrong in this document, please do contact us to fix it.
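
Review bot: In html/allow.user.to.send.email.without.authentication.html, the `check_sender_access hash:/etc/postfix/accepted_unauth_senders` rule matches only on the envelope sender, which the connecting client supplies itself. Any host that can reach the SMTP port and sends MAIL FROM `fax-machine-12@mydomain.tld` gets the same `OK` as the real device, and because the rule is listed first, that `OK` ends evaluation of the remaining entries in `smtpd_sender_restrictions`. The page should state this and pair the sender map with a restriction on the device's address (for example a `check_client_access` map or an entry in `mynetworks`), so the exemption depends on where the mail comes from and not only on what it claims to be.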
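
Review bot: In the SUMMARY.md hunk (`@@ -1745,3 +1745,38 @@`), the added block ends with the same "Turn on debug mode in OpenLDAP" and "Why append timestamp in maildir path" entries that already appear as the unchanged context lines directly above it. The table of contents is therefore being appended again to a file that is already more than 1,700 lines long, not regenerated. Suggest having convert.sh truncate SUMMARY.md before writing it, or dropping the generated file from the commit. It is also worth checking the link targets, since the entries point at names such as `0-enable.smtps.md` while the page added in this commit is `html/enable.smtps.html` without the numeric prefix.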
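
Review bot: In convert.sh, the new last line `cp -rf html/* ../web/docs/` hard-codes the source directory even though the first hunk has just set `OUTPUT_DIR="${PWD}/html"`, so the two will drift apart the next time OUTPUT_DIR changes. Suggest copying from `"${OUTPUT_DIR}"/` and failing early if `../web/docs/` does not exist. The `rm -f ${INDEX_MD}` just above is also unquoted, and the context line `PWD="."` overwrites the shell's own PWD variable, so a different variable name would be safer. Since html/ is build output and this same commit adds the generated pages under it, consider ignoring that directory instead of versioning it.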

\ No newline at end of file diff --git a/html/amavisd.no.x-spam.headers.html b/html/amavisd.no.x-spam.headers.html new file mode 100644 index 00000000..5a0bc0b6 --- /dev/null +++ b/html/amavisd.no.x-spam.headers.html @@ -0,0 +1,25 @@ + + + + Amavisd + SpamAssassin not working, no mail header (X-Spam-*) inserted. + + + + +

Amavisd + SpamAssassin not working, no mail header (X-Spam-*) inserted.

+

Amavisd has below setting in its config file /etc/amavisd/amavisd.conf by default:

+
$sa_tag_level_deflt  = 2.0;
+
+

That means Amavisd will insert X-Spam-Flag and other X-Spam-* headers when email score >= 2.0. If you want to let Amavisd always insert these headers, you can set it to a low score, for example:

+
$sa_tag_level_deflt  = -999;
+
+

Amavisd's main config file is different on different Linux/BSD distributions:

+

If you found something wrong in this document, please do contact us to fix it.

\ No newline at end of file diff --git a/html/completely.disable.amavisd.clamav.spamassassin.html b/html/completely.disable.amavisd.clamav.spamassassin.html new file mode 100644 index 00000000..43b85e5a --- /dev/null +++ b/html/completely.disable.amavisd.clamav.spamassassin.html @@ -0,0 +1,54 @@ + + + + Completely disable Amavisd + ClamAV + SpamAssassin + + + + +

Completely disable Amavisd + ClamAV + SpamAssassin

+

In iRedMail, Amavisd provides below features:

+ +

Stop virus/spam scanning, keep DKIM signing/verification and Disclaimer

+

If you want to disable virus and spam scanning, but keep DKIM signing and disclaimer, please try this:

+ +
# @bypass_virus_checks_maps = (1);  # controls running of anti-virus code
+# @bypass_spam_checks_maps  = (1);  # controls running of anti-spam code
+
+ +

Uncomment above lines (removing "# " at the beginning of each line), and restart Amavisd service.

+

Completely disable all features

+

If you want to completely disable spam and virus scanning services, steps:

+ +
content_filter = smtp-amavis:[127.0.0.1]:10024
+receive_override_options = no_address_mappings
+
+ + +

Notes:

+

If you found something wrong in this document, please do contact us to fix it.

\ No newline at end of file diff --git a/html/configure.thunderbird.html b/html/configure.thunderbird.html new file mode 100644 index 00000000..b65dbc21 --- /dev/null +++ b/html/configure.thunderbird.html @@ -0,0 +1,77 @@ + + + + Configure Thunderbird as mail client (IMAP, SMTP and global ldap address book) + + + + +

Configure Thunderbird as mail client (IMAP, SMTP and global ldap address book)

+
+ +
+

iRedMail provides POP3S (POP3 over TLS), IMAPS (IMAP over TLS), SMTPS (SMTP over TLS) for receiving and sending emails by default.

+

Create new mail account

+

To create a new mail account with Thunderbird, please click menu: File -> New -> Mail Account.

+

Add your name, email address and password in this screen.

+

+

Click continue, it will detect IMAP and SMTP server automatically.

+

Note:

+ +

+

Configure Thunderbird as POP3 client

+

Warning: Make sure you are using full email address as username.

+

+

Configure Thunderbird as IMAP client

+

Warning: Make sure you are using full email address as username.

+

+

Configure Thunderbird to send mail via SMTP

+

Menu: Tools -> Account settings... -> Outgoing server (SMTP) -> Choose the server you are using.

+

Warning: Make sure you are using full email address as username.

+

+

Use OpenLDAP as Global LDAP Address Book

+

IMPORTANT NOTE: Thunderbird won\'t show contacts in LDAP address book directly, but it works when you starting typing email address in recipient field while composing email.

+

Here we take Thunderbird 5.0 for example. Steps:

+ +

That's all.


If you found something wrong in this document, please do contact us to fix it.
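
Review bot: html/configure.thunderbird.html contradicts html/enable.smtps.html from this same commit. Its opening paragraph says iRedMail provides "SMTPS (SMTP over TLS)" by default, while the SMTPS page says iRedMail disables SMTPS by default and describes submission as SMTP over STARTTLS on port 587. Suggest rewording the opening paragraph to name the service that is actually enabled, so readers configure Thunderbird against the right port. The "IMPORTANT NOTE" paragraph also carries a stray escape in `won\'t`, and "when you starting typing" should read "when you start typing".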

\ No newline at end of file diff --git a/css/markdown.css b/html/css/markdown.css similarity index 100% rename from css/markdown.css rename to html/css/markdown.css diff --git a/html/disable.spam.virus.scanning.for.outgoing.mails.html b/html/disable.spam.virus.scanning.for.outgoing.mails.html new file mode 100644 index 00000000..9d39c054 --- /dev/null +++ b/html/disable.spam.virus.scanning.for.outgoing.mails.html @@ -0,0 +1,35 @@ + + + + Disable spam virus scanning for outgoing mails + + + + +

Disable spam virus scanning for outgoing mails

+

To disable spam/virus scanning for outgoing mails, you can add bypass settings in Amavisd config file: /etc/amavisd/amavisd.conf (RHEL/CentOS/Scientific Linux) or /etc/amavis/conf.d/50-user (Debian/Ubuntu) or /usr/local/etc/amavisd.conf (FreeBSD).

+ +

These settings can be added in setting block $policy_bank{'MYUSERS'}:

+
$policy_bank{'MYUSERS'} = {
+    [...OMIT OTHER SETTINGS HERE...]
+
+    # don't perform spam/virus/header check.
+    bypass_spam_checks_maps => [1],
+    bypass_virus_checks_maps => [1],
+    bypass_header_checks_maps => [1],
+
+    # allow sending any file names and types
+    bypass_banned_checks_maps => [1],
+}
+
+ +

Restarting Amavisd service is required after changing settings.


If you found something wrong in this document, please do contact us to fix it.
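
Review bot: In html/disable.spam.virus.scanning.for.outgoing.mails.html, the sample block closes with a bare `}`. `$policy_bank{'MYUSERS'} = { ... }` is a Perl assignment and needs `};`, otherwise a reader who pastes the block as shown ends up with a config file that does not parse. The page should also say what the change gives up: with `bypass_spam_checks_maps`, `bypass_virus_checks_maps`, `bypass_header_checks_maps` and `bypass_banned_checks_maps` all set to `[1]`, outgoing mail from a compromised mailbox leaves the server with no content checks at all. A sentence on that trade-off, and on keeping at least the virus check if outbound reputation matters, would help readers decide.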

\ No newline at end of file diff --git a/html/enable.smtps.html b/html/enable.smtps.html new file mode 100644 index 00000000..e79d0eb2 --- /dev/null +++ b/html/enable.smtps.html @@ -0,0 +1,72 @@ + + + + Enable SMTPS service (SMTP over SSL, port 465) + + + + +

Enable SMTPS service (SMTP over SSL, port 465)

+
+ +
+

Why iRedMail doesn't enable SMTPS (SMTP over SSL) by default

+

SMTPS is deprecated, so iRedMail disable it by default. +Quote from (wikipedia.org)[http://en.wikipedia.org/wiki/SMTPS]

+
+

Originally, in early 1997, the Internet Assigned Numbers Authority registered 465 for SMTPS. By the end of 1998, this was revoked when STARTTLS has been specified. With STARTTLS, the same port can be used with or without TLS. SMTP was seen as particularly important, because clients of this protocol are often other mail servers, which can not know whether a server they wish to communicate with will have a separate port for TLS. The port 465 is now registered for Source-Specific Multicast audio and video.

+
+

Why enable SMTPS since it's depreciated

+

Unfortunately, there're some popular mail clients don't support submission (SMTP over STARTTLS, port 587), the famous one is Microsoft Outlook. Quote from wikipedia.org:

+
+

Even in 2013, there are still services that continue to offer the deprecated SMTPS interface on port 465 in addition to (or instead of!) the RFC-compliant message submission interface on the port 587 defined by RFC 6409. Service providers that maintain port 465 do so because older Microsoft applications (including Entourage v10.0) do not support STARTTLS, and thus not the smtp-submission standard (ESMTPS on port 587). The only way for service providers to offer those clients an encrypted connection is to maintain port 465.

+
+

How to enable SMTPS

+

To enable SMTPS, you should configure Postfix to listen on port 465 first, then open port 465 in iptables.

+

Please find below lines in Postfix config file /etc/postfix/master.cf (Linux/OpenBSD) or /usr/local/etc/postfix/master.cf (FreeBSD):

+
#smtps     inet  n       -       n       -       -       smtpd
+#  -o smtpd_tls_wrappermode=yes
+#  -o smtpd_sasl_auth_enable=yes
+#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+#  -o milter_macro_daemon_name=ORIGINATING
+
+

Uncomment first 4 lines, but leave the last one commented out (because iRedMail doesn't use Postfix milter at all):

+
smtps     inet  n       -       n       -       -       smtpd
+  -o smtpd_tls_wrappermode=yes
+  -o smtpd_sasl_auth_enable=yes
+  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+#  -o milter_macro_daemon_name=ORIGINATING
+
+

Restart Postfix service to enable SMTPS.

+

Open port 465 in iptables

+

On RHEL/CentOS, please update iptables rule file /etc/sysconfig/iptables, add one rule (third line in below code) for port 465, then restart iptables service.

+
# File: /etc/sysconfig/iptables
+-A INPUT -p tcp --dport 25 -j ACCEPT
+-A INPUT -p tcp --dport 587 -j ACCEPT
+-A INPUT -p tcp --dport 465 -j ACCEPT
+
+

On Debian/Ubuntu, if you use iptables rule file provided by iRedMail, please update /etc/default/iptables, add one rule (third line in below code) for port 465, then restart iptables service.

+
File: /etc/sysconfig/iptables
+-A INPUT -p tcp --dport 25 -j ACCEPT
+-A INPUT -p tcp --dport 587 -j ACCEPT
+-A INPUT -p tcp --dport 465 -j ACCEPT
+
+

On OpenBSD, please append service 'smtps' in /etc/pf.conf, parameter mail_services=:

+
File: /etc/pf.conf
+mail_services="{www, https, submission, imap, imaps, pop3, pop3s, ssh, smtps}"
+
+

Reload PF rule file:

+
# pfctl -f /etc/pf.conf
+

If you found something wrong in this document, please do contact us to fix it.
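
Review bot: In html/enable.smtps.html, the Debian/Ubuntu example is labelled `File: /etc/sysconfig/iptables` although the paragraph above it tells the reader to edit /etc/default/iptables, which looks like a copy from the RHEL/CentOS block. That label and `File: /etc/pf.conf` also lack the leading `# ` used in the RHEL/CentOS block, so they are not comments if pasted into the rule file. Smaller points: the Wikipedia link is written `(wikipedia.org)[http://en.wikipedia.org/wiki/SMTPS]` with the brackets and parentheses swapped, so it will not render as a link, and the second heading says "depreciated" where "deprecated" is meant.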

\ No newline at end of file diff --git a/html/full.mult-master.iredmail.cluster.with.mariadb.and.ipvs.html b/html/full.mult-master.iredmail.cluster.with.mariadb.and.ipvs.html new file mode 100644 index 00000000..e49e1caa --- /dev/null +++ b/html/full.mult-master.iredmail.cluster.with.mariadb.and.ipvs.html @@ -0,0 +1,486 @@ + + + + An Ultra-HA, full Mult-Master E-mail cluster with iRedMail, MariaDB, and IPVS + + + + +

An Ultra-HA, full Mult-Master E-mail cluster with iRedMail, MariaDB, and IPVS

+
+ +
+

Contributed by Joshua Boniface, Sep 21, 2014.

+

Introduction

+

iRedMail is a very nifty piece of software. Setting up a full mail server on modern Linux is indeed possible; there are guides for every part of the system, preconfigured templates, and many-a mailing list post. However, iRedMail does something special: it makes it easy. Easy to install, easy to administer, and and easy to use. However, there are very few guides on how to deploy a complete, clustered iRedMail solution. Let's talk a bit about what I mean by that.

+

I know e-mail, having deployed Debian-Linux-based carrier-grade mail platforms as part of my job. Setting up a cluster for production use, you want something that's fault-tolerant on every level. If you have 3 physical servers, you want to make sure you can keep your systems running even if you have to bring one down for maintenance, or due to a catastrophic hardware fault. You want to make sure you don't lose anything because one server crashed. However, many HA setups are not full multi-master; sure, you can lose a node, but it better not be server1. The setup I propose below addresses this: it doesn't matter which of your N nodes fails, you can always perform every task you need; and without proper monitoring, you might not even notice you have a problem! Some may think this is overkill, but the result is very compelling for anyone who values a 100% uptime!

+

The setup I'm using is based on Debian Wheezy (7), the latest stable release of the Debian GNU/Linux operating system; 64-bit is of course recommended. I am very dilligent on separating services, for good reason: ease of manageability and flexibility, and as a result this guide uses slightly more VMs and IP addresses than one may expect. I will break down the cluster now so you have a better idea of how this is running.

+

Please note that while this guide has parts that can be copy-pasted, and most specified shell commands and config files will work as intended, I do expect you to understand what you're doing, and RTFM if you don't; a decent knowledge of Linux System Administration is a must here. I don't go into any detail about creating your VMs, or any basic system administration tasks or commands, or what specific config options in files do. Also, all IP addresses/hostnames are fictitious and must be replaced, and anything in <> square brackets must be filled in with you own information. Finally, please note that I offer NO GUARANTEED SUPPORT FOR THIS GUIDE, though if you have a good question I'll probably answer it.

+

The Cluster

+

My home cluster is a fairly simple beast: there are two distinct hypervisors (hv1.example.net and hv2.example.net) running KVM, and a single file server (filer1.example.net). At this time, mostly due to budget reasons (it's a homelab, and those cost a lot of money in power!), I am not replicating to a second fileserver, and hence the backend Maildir storage is not HA in my setup. This can be acomplished in a huge number of ways (glusterFS, DRBD, manual sync) but is outside the scope of this guide. I assume that "filer1.example.net" is some device, providing a single NFS interface for backend storage of Maildirs.

+

The Virtual Machines running on hv1.example.net and hv2.example.net are served via NFS from filer1, as are the Maildirs used for storing e-mail. This NFS is on a private network local to the servers, and this network also carries LDAP sync and Database traffic. The virtual machines are tied to a hypervisor: each 1 server is on hv1.example.net and each 2 server is on hv2.example.net. It's worth pointing out now that this cluster could easily be expanded to 3 hypervisors (and hence a 3 server for each service) if desired; this is recommended for the Database cluster in particular, however in my setup the filer1.example.net is the third, quorum-holding database server.

+

I expect your setup to be slightly different. If so, just adapt this guide; I use consistent naming throughout (sed might be your friend here)!

+

2a) Virtual machines and networking

+

The cluster comprises the following service VMs, all running Debian Wheezy:

+ +

Additionally, one VIP address for the load balancers is required:

+ +

And one IP for the file server containing Maildirs:

+ +

The entire cluster therefore uses 8 IP addresses (ignoring the hypervisors, and any other VMs you might have set up). For the purposes of this guide, I assume two networks: "public", 1.1.1.0/24, and "private" , 10.1.1.0/24. You can omit either network and use a single private network; my proper "public" network uses routable public IPs, while the "private" network is unrouted, and certain replication traffic and NFS are kept on the "private" network for security. You can ignore this convention if you want, or even use Masquerade mode with IPVS, to hide all these services behind a single "public" IP and keep it all behind NAT. Whatever works for your environment! If you don't have a proper DNS setup, you can use this template in your "/etc/hosts" file on each host.

+
# "Public"
+1.1.1.11    filer1.example.net
+1.1.1.12    lb0.example.net # (VIP)
+1.1.1.13    lb1.example.net
+1.1.1.14    lb2.example.net
+1.1.1.15    db1.example.net
+1.1.1.16    db2.example.net
+1.1.1.17    mail1.example.net
+1.1.1.18    mail2.example.net
+# "Private"
+10.1.1.11   filer1.local
+10.1.1.13   lb1.local
+10.1.1.14   lb2.local
+10.1.1.15   db1.local
+10.1.1.16   db2.local
+10.1.1.17   mail1.local
+10.1.1.18   mail2.local
+
+

Note that there are no VIP in the "private" network: since all its services are load-balanced from the "public" IP, it is unnecessary for there to be a "local" VIP. I recommend firewalling the VIP address (of course) to block MySQL traffic from the outside world if you are using a true public IP, though other services should probably be "public".

+

2b) A note on example conventions

+

Thoughout this guide, when command-lines are given, the following rules will be held:

+

i) the beginning of the prompt will indicate the server name, either as: + server1 # + for a specific server ID, or: + serverX # + for all servers in that category, or even: + serva1, servb2 # + for two specific server names + ii) the seperator character shall be isolated on both sides by a space (for ease of copying a single command, but + discouraging block copying) and will consist of: + # - for a root-level account + $ - for an unprivileged account +iii) for simplicity, most commands in this guide are written as an unprivileged user with "sudo" prepended; + commands that require the actual root account (e.g. the iRedMail.sh setup script) will use # instead + iv) when editing a text file, the raw contents from server1 will be presented after the command (usually 'sudo + vim'), followed by a 'diff' of the differences between server1 and server2, if necessary; one can extrapolate + the third server or any other differences if desired + v) any comments regarding a text file will follow the output and diff, prepended by a [*] for each comment

+

Setting up IPVS, ldirectord, and keepalived

+

Chapter source: http://www.ultramonkey.org/papers/lvs_tutorial/html/

+

The first and probably easiest part of this cluster is the load balancing configuration. It is a very straightforward setup, with 2 load-balancers sharing 1 VIP address: if contact is lost, keepalived moves the VIP between the two servers on a weighted basis (lb1 is prefered to lb2).

+

Start by installing the required packages on both hosts.

+

lbX $ sudo apt-get update +lbX $ sudo apt-get upgrade +lbX $ sudo apt-get install ipvsadm ldirectord keepalived

+

3a) keepalived

+

Begin by editing the keepalivd configuration. This will set up the VIP between the two load balancers, and allow it to fail over from lb1 to lb2 in the event lb1 goes down, thus preserving services to anyone connecting to the cluster through this IP.

+

lbX $ sudo vim /etc/keepalived/keepalived.conf

+

vrrp_instance VI_1 { + state MASTER + interface eth0 + virtual_router_id 1 + priority 200 + authentication { + auth_type PASS + auth_pass mySuperSecretPassw0rd + } + virtual_ipaddress { + 1.1.1.12/24; + } +}

+

5c5 +< priority 200

+
+
+
    priority 100
+
+
+

[*] The adjusted priority on lb2 allows lb1 to take precidence and prevent flapping between the two load balancers. If you have a third lbX host, you can make its priority something less than 100 to ensure it will be last in the chain.

+

Restart the keepalived service on both hosts:

+

lbX $ sudo service keepalived restart

+

You should now see the VIP in the list of IP addresses on lb1:

+

lb1 $ ip a +[...] +eth0: mtu 1500 qdisc pfifo_fast state UP qlen 1000 + link/ether 11:11:11:11:11:11 brd ff:ff:ff:ff:ff:ff + inet 1.1.1.13/24 brd 1.1.1.255 scope global eth0 + inet 1.1.1.12/24 scope global secondary eth0 +[...]

+

Now stop keepalived on lb1, and observe lb2: the IP address will transfer after a second or two:

+

lb1 $ sudo service keepalived stop

+

lb2 $ ip a +[...] +eth0: mtu 1500 qdisc pfifo_fast state UP qlen 1000 + link/ether 11:11:11:22:22:22 brd ff:ff:ff:ff:ff:ff + inet 1.1.1.14/24 brd 1.1.1.255 scope global eth0 + inet 1.1.1.12/24 scope global secondary eth0 +[...]

+

You can then restart the keepalived service on lb1 and the IP address will return to it, exactly as expected.

+

3b) ldirectord

+

Next is the ldirectord configuration. ldirectord is a load balancer using IPVS, the Linux kernel virtual server, to distribute traffing entering on a VIP between a number of "real servers", . It contains a number of different load-balancing and routing options, however for our purposes, with a "public" network, we will use the 'routed' mode, whereby traffic is directly routed from the VIP to the real server, which has configured on a loopback interface the VIP, allowing traffic to be sent directly back to the client from the real server, reducing load on the load balancers. In effect, the routers simply keep track of incoming packets while the outgoing packets flow right to the client.

+

ldirectord works by performing regular health checks on the real servers; if one is found to be non-working, it is removed from the IPVS configuration, thus preventing clients from being directed to a dead server. Once the service has been restored, ldirectord re-adds the real server to the IPVS configuration, and load-balancing resumes.

+

The following ldirectord.cf file contains all the services that will be provided in HA mode for client access, the list of which is: MySQL, HTTP/S, IMAPS, POPS, and SMTPSUB. I don't allow unsecured access via IMAP or POP3 directly to my mail servers, but you can add these services if desired.

+
lbX $ sudo vim /etc/ldirectord.cf
+
+logfile="daemon"
+fallbackcommand=""
+failurecount=3
+checkinterval=5
+fork=yes
+
+# MySQL database to db1/db2
+virtual=1.1.1.12:3306
+        real=1.1.1.15:3306 gate
+        real=1.1.1.16:3306 gate
+        service=mysql
+        scheduler=sh
+        login="monitor"
+        passwd="monitoringPassw0rd"
+        request="SELECT * from monitoring.monitoring;"
+# Mail services to mail1/mail2
+virtual=1.1.1.12:80
+        real=1.1.1.17:80 gate
+        real=1.1.1.18:80 gate
+        service=http
+        scheduler=sh
+        request="ldirectord.txt"
+        receive="ldirectord"
+virtual=1.1.1.12:443
+        real=1.1.1.17:443 gate
+        real=1.1.1.18:443 gate
+        service=https
+        scheduler=sh
+        request="ldirectord.txt"
+        receive="ldirectord"
+virtual=1.1.1.12:993
+        real=1.1.1.17:993 gate
+        real=1.1.1.18:993 gate
+        service=imaps
+virtual=1.1.1.12:995
+        real=1.1.1.17:995 gate
+        real=1.1.1.18:995 gate
+        service=pops
+virtual=1.1.1.12:465
+        real=1.1.1.17:465 gate
+        real=1.1.1.18:465 gate
+        service=smtp
+
+ + +

Reload the ldirectord service, and use "ipvsadm" to view the resulting IPVS configuration (IP-to-hostname translation is used, if you don't have reverse DNS configured you will see IP addresses):

+
lbX $ sudo service ldirectord restart
+lbX $ sudo ipvsadm
+IP Virtual Server version 1.2.1 (size=4096)
+Prot LocalAddress:Port Scheduler Flags
+  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
+TCP  lb0.example.net:mysql sh
+  -> db1.example.net:mysql        Route   1      0          0         
+  -> db2.example.net:mysql        Route   1      0          0
+TCP  lb0.example.net:http sh
+  -> mail1.example.net:http       Route   1      0          0         
+  -> mail2.example.net:http       Route   1      0          0
+TCP  lb0.example.net:https sh
+  -> mail1.example.net:https      Route   1      0          0         
+  -> mail2.example.net:https      Route   1      0          0
+TCP  lb0.example.net:imaps wrr
+  -> mail1.example.net:imaps      Route   1      0          0         
+  -> mail2.example.net:imaps      Route   1      0          0
+TCP  lb0.example.net:pops wrr
+  -> mail1.example.net:pops       Route   1      0          0         
+  -> mail2.example.net:pops       Route   1      0          0
+TCP  lb0.example.net:submission wrr
+  -> mail1.example.net:submission Route   1      0          0         
+  -> mail2.example.net:submission Route   1      0          0
+
+However, since you have not yet configured any services, there will be no real servers in your output, only the lines containing "lb0.example.net":
+
+IP Virtual Server version 1.2.1 (size=4096)
+Prot LocalAddress:Port Scheduler Flags
+  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
+TCP  lb0.example.net:mysql sh
+TCP  lb0.example.net:http sh
+TCP  lb0.example.net:https sh
+TCP  lb0.example.net:imaps wrr
+TCP  lb0.example.net:pops wrr
+TCP  lb0.example.net:submission wrr
+
+ +

Once this guide is done, compare the resulting output from "ipvsadm" to the above output, and you should see it match!

+

This concludes the configuration required on the load balancers themselves. However, one more piece of configuration must be done to each real server: it must have the VIP address added to a loopback interface to allow services on the server to use that address to reply to clients. This is a required part of the "direct-routing" mode used in IPVS. If you are using an alternate routing mode (for example Masquerade), you do not need this step. On each dbX and mailX host:

+
serverX $ sudo vim /etc/network/interfaces
+
+# Loopback interface
+auto lo
+iface lo inet loopback
+
+# IPVS-DR loopback interface
+auto lo:0
+iface lo:0 inet static
+        address 1.1.1.12
+        netmask 255.255.255.255
+        pre-up sysctl -w net.ipv4.conf.all.arp_ignore=1
+        pre-up sysctl -w net.ipv4.conf.all.arp_announce=2
+
+# Other interfaces, server-specific...
+[...]
+
+ + +

This concludes the configuration of the load balancer setup, and the VIP that will direct requests to the client machines.

+

Setting up MariaDB and Galera multi-master SQL

+

Chapter source: https://blog.mariadb.org/installing-mariadb-galera-cluster-on-debian-ubuntu/

+

As seen above, one of the load-balanced services is MySQL. Databases are used extensively in e-mail servers: they hold information about active accounts, sessions, filter policies; the list goes on. The services of the dbX servers could be integrated into the mailX servers themselves, however in my usage it makes more sense to separate them. You can easily run all of the following on the mailX servers and reduce your IP usage by two if you so desire (just don't forget to edit the ldirectord.cf file in Chapter 3 to match!)

+

The MySQL cluster will be provided by MariaDB, a community-driven fork of Oracle's MySQL, and headed by the original developers of MySQL. It is combined with the Galera replication engine to allow a multi-master cluster than can be load-balanced by IPVS. I am using version 5.5 for maximum compatibility, though the newer releases could be used as well. To prevent split-brain, we also use a third host in the Galera cluster, which will be provided by the filer1 server; if you are using this guide to set up a 3-server cluster, you can exclude that host as quorum will be provided by 3 dbX servers. Run all commands below on filer1 as well as dbX.

+

Start by adding the MariaDB sources (other mirrors can be found at https://downloads.mariadb.org/mariadb/repositories/) into your apt configuration:

+

dbX $ sudo apt-get install python-software-properties +dbX $ sudo apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 0xcbcb082a1bb943db +dbX $ sudo add-apt-repository 'deb http://mariadb.mirror.rafal.ca/repo/5.5/debian wheezy main'

+

Then update and install the required packages:

+

dbX $ sudo apt-get update +dbX $ sudo apt-get install rsync galera mariadb-galera-server

+

You will be asked for a root password during setup; ensure it is identical on all hosts. Once installed, stop the mysql process as we need it off for the next steps.

+

dbX $ sudo service mysql stop

+

The Galera configuration below is extremely simple; read the Galera documentation for more advanced configuration options. Set the local IP addresses of the cluster members in the "wsrep_cluster_address" line, to keep replication traffic on the unrouted local network. You can also set the "wsrep_cluster_name" to a new value; this is in effect a shared secret for the cluster.

+
dbX $ sudo vim /etc/mysql/conf.d/galera.cnf
+
+[mysqld]
+# MySQL settings
+binlog_format=ROW
+default-storage-engine=innodb
+innodb_autoinc_lock_mode=2
+query_cache_size=0
+query_cache_type=0
+bind-address=0.0.0.0
+# Galera settings
+wsrep_provider=/usr/lib/galera/libgalera_smm.so
+wsrep_cluster_name="db_cluster"
+wsrep_cluster_address="gcomm://10.1.1.11,10.1.1.15,10.1.1.16"
+wsrep_sst_method=rsync
+
+ + +

Also clone the /etc/mysql/debian.cnf file from db1 to the other database hosts; this will, combined with the tweaks below, prevent "debian-sys-maint" access denied warnings when starting the other cluster nodes.

+

Warning: Before we continue, I have discovered a bug in this setup. Because of the IPVS-DR loopback, the Galera cluster will sometimes fail to start on the second or third node of the cluster. The reasons I do not completely understand. To mitigate this however, I made a modification to the "/etc/init.d/mysql" initscript to add an "ifdown lo:0" and corresponding "ifup lo:0" at the beginning and end, respectively, of the "start" function. I recommend doing this to save you hours of headaches!

+

Once the configuration is in place on all nodes, we can start the cluster on the first node:

+

db1 $ sudo service mysql start --wsrep-new-cluster

+

The "--wsrep-new-cluster" directive creates a new active cluster; if all hosts in the Galera cluster go down, you will need to execute this command on a node again to start up the cluster. Data is of course preserved when running this command, and the host it is run on will become the "primary" sync source for the other members of the cluster.

+

On the remaining nodes, start the MySQL service normally:

+

db2,filer1 $ sudo service mysql start

+

If all goes well, they will connect to the cluster master, and data will synchronize. Check the number of nodes in the cluster with:

+

db1 $ mysql -u root -p -e 'SELECT VARIABLE_VALUE as "cluster size" FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME="wsrep_cluster_size"' ++--------------+ +| cluster size | ++--------------+ +| 3 | ++--------------+

+

There are a number of configuration tweaks that must be performed to properly use the MySQL cluster as expected. Enter the database server, and:

+

db1 $ mysql -u root -p +Enter password: +Welcome to the MariaDB monitor. Commands end with ; or \g. +Your MariaDB connection id is 104893 +Server version: 5.5.38-MariaDB-1~wheezy-wsrep-log mariadb.org binary distribution, wsrep_25.10.r3997 +Copyright (c) 2000, 2014, Oracle, Monty Program Ab and others. +Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. +MariaDB [(none)]>

+

i) Create a "new" root user with global host access. Yes, you can restrict this per-host, but that gets messy fast + and if you have a properly secured network, you shouldn't have to worry about this too much.

+

MariaDB [(none)]> GRANT ALL PRIVILEGES ON . TO 'root'@'%' WITH GRANT OPTION IDENTIFIED BY ''; +MariaDB [(none)]> GRANT PROXY ON ''@'' TO 'root'@'%' WITH GRANT OPTION;

+

Test that this user works by logging in to another MySQL shell, and if it works fine, drop all "old" root users:

+

MariaDB [(none)]> SELECT User,Host from mysql.user; +[view the resulting list of users] +MariaDB [(none)]> DROP USER 'root'@'db1'; +MariaDB [(none)]> DROP USER 'root'@'db2'; +[etc.]

+

ii) Create a "new" debian-sys-maint user, with slighly more restricted access than the root user; again this user + should be for the global host for simplicity.

+

MariaDB [(none)]> GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER ON . TO 'debian-sys-maint'@'%' IDENTIFIED BY '' WITH GRANT OPTION;

+

Make sure that the "/etc/mysql.debian.cnf" file is identical between all the dbX nodes. And like the root user, drop all "old" debian-sys-maint users:

+

MariaDB [(none)]> DROP USER 'debian-sys-maint'@'db1'; +MariaDB [(none)]> DROP USER 'debian-sys-maint'@'db2'; +[etc.]

+

Attempt to stop the mysql service on any one node; it should suceed without any warnings or errors about permission denied; restart it and resume configuration.

+

Now we will add some data to the cluster and observe its replication. The data used is, conveniently, the monitoring framework required by ldirectord.

+

db1 $ mysql -u root -p +MariaDB [(none)]>

+

Begin by creating a new database called 'monitoring'; these values were set in Chapter 3, in ldirectord.cf:

+

MariaDB [(none)]> CREATE DATABASE monitoring;

+

Create a new user, 'monitor', identified by the password 'monitoringPassw0rd', and grant select access to the 'monitoring' database:

+

MariaDB [(none)]> GRANT SELECT ON monitoring.* TO 'monitor'@'%' IDENTIFIED BY 'monitoringPassw0rd';

+

Now, change into the monitoring database, and create a table called "monitoring" containing some data:

+

MariaDB [(none)]> USE monitoring;
+MariaDB [monitoring]> CREATE TABLE monitoring (data VARCHAR(1)); +MariaDB [monitoring]> INSERT INTO monitoring (data) VALUES ("X"); +MariaDB [monitoring]> SELECT * FROM monitoring.monitoring; ++------+ +| data | ++------+ +| X | ++------+ +MariaDB [monitoring]> quit +Bye

+

You have now set up the monitoring table that the ldirectord daemon will connect to and attempt to judge your hosts' health. If everything is configured and working right, you should now see the real servers in the output of "ipvsadm" on lbX:

+

lbX $ sudo ipvsadm +IP Virtual Server version 1.2.1 (size=4096) +Prot LocalAddress:Port Scheduler Flags + -> RemoteAddress:Port Forward Weight ActiveConn InActConn +TCP lb0.example.net:mysql wrr + -> db1.example.net:mysql Route 1 0 0
+ -> db2.example.net:mysql Route 1 0 0 +[...]

+

You can see the data replication by checking any other node: you should be able to see the monitoring database and its table. But if both your dbX servers are in the IPVS configuration above, you should be good to go! Now you can access the databases, load-balanced between the two dbX VMs, from the VIP address at lb0.example.net. I recommend aliasing/pointing "db.example.net" to "lb0.example.net" now as this will be used as a referenced name later.

+

A note about filer1: When setting up the DB, we used filer1 as our third, quorum-holding host. However, as that is not a proper "database" server, it is NOT added to the load-balanced cluster. It is, in effect, a write-only copy of the data to preserve quorum. If you are using three physical servers, and hence three dbX servers, you should be able to use just those 3 to maintain quorum, and load-balance over all 3, in which case you can avoid putting any MySQL on the filer1 server.

+

This concludes the configuration of the database cluster, which is now ready for data to be added from the mailX servers, via the load-balanced VIP address at lb0.example.net.

+

Highly-available, LDAP-backed iRedMail e-mail

+

Chapter source: iRedAdmin Wiki/Existing Tutorials

+

And now for the Piece de resistance, the whole reason for this tutorial: the HA iRedMail cluster! For this setup, we will be using a multi-master LDAP backend to store user data; each mail server will connect to its own, local, LDAP database and those databases will be synchronized between the two servers. This allows iRedAdmin management, as well as user access, to be passed through the load balancer: if a mail server goes down, regardless of which one, the mail administrator(s) can still make changes and continue working as if nothing happened to the infrastructure backend; let the sysadmins worry about that!

+

Note that mirrormode LDAP multi-master clusters are ideally used with a "preferred" master. For this reason, I don't recommend actually using the VIP address to access iRedAdmin under normal situations: manage from mail1, and if needed, manage from mail2 if mail1 is down. This helps preserve consistency so that you can trust one particular host if an LDAP split-brain happens.

+

5a) iRedMail installation with the HA MySQL backend

+

To begin, become root on both mail servers:

+

mailX $ sudo su +mailX #

+

Now download and extract the latest version of iRedMail, at the time of writing iRedMail-0.8.7:

+

mailX # wget iRedMail-0.8.7.tar.bz2 +mailX # tar -xvjf iRedMail-0.8.7.tar.bz2

+

Before we begin installing iRedMail, add a fully-privileged user to the database server that can be used by the install script to set up the databases. This user can be removed after installation; alternatively, you could use root but this is not recommended.

+

db1 # mysql -u root -p +MariaDB [(none)]> GRANT ALL PRIVILEGES ON . TO 'admin_iredmail'@'%' WITH GRANT OPTION IDENTIFIED BY '';

+

Next, mount the NFS Maildir storage from filer1 on both mailX hosts (I prefer the default "/var/vmail"); ensure you add it to "/etc/fstab" as well:

+

mailX # mkdir /var/vmail +mailX # chattr +i /var/vmail +mailX # mount -t nfs -o vers=3,noatime,nodiratime,noexec filer1.local:/srv/var/vmail /var/vmail +mailX # echo "filer1.local:/srv/var/vmail /var/vmail nfs vers=3,noatime,nodiratime,noexec 0 0" >> /etc/fstab

+

Configuration should begin on mail1 first: this will allow us to generate an iRedMail installer 'config' file, which we will then use to ensure mail2 is configured with the same settings.

+

Start the iRedMail installer with variables specifying the database host, user, and grant host (in our case, '%' for simplicity in our MySQL users):

+

mail1 # cd iRedMail-0.8.7/ +mail1 # MYSQL_SERVER='db.example.net' MYSQL_ROOT_USER='admin_iredmail' MYSQL_GRANT_HOST='%' bash iRedMail.sh

+

Follow the directions as per the standard iRedMail setup procedure. In particular, choose an LDAP backend, and choose the NFS directory for the Maildir storage. Also ensure that you save any password you entered: these will eventually be the cluster master passwords. During setup, you will be asked for the password for "admin_iredmail" you set above in order for the installer to access the MySQL cluster. Also, don't use an additional domain when asked for your first virtual domain: use "example.net". This will simplify our deployment and allow you to add actual domains to the full cluster later.

+

Once the iRedMail setup completes, your first node will be operational! Feel free to test it out, and inspect the database servers to confirm that the data for the iRedMail server was properly added to the MySQL cluster backend and is replicating between the hosts as expected.

+

Next, copy the "config" file from the iRedMail installer directory over to the second server. This will ensure all our passwords and configuration options are synced and everything will work properly within the cluster.

+

mail1 # cd ~ +mail1 # scp iRedMail-0.8.7/config mail2:~/iRedMail-0.8.7/

+

You are now ready to begin the setup procedure on mail2. Use the same command from mail1 on mail2, and ignore any errors from MySQL about databases already existing (since they do!):

+

mail2 # cd iRedMail-0.8.7/ +mail2 # MYSQL_SERVER='db.example.net' MYSQL_ROOT_USER='admin_iredmail' MYSQL_GRANT_HOST='%' bash iRedMail.sh

+

You will be informed that a config already exists; would you like to use it? Select "yes" to use the same settings as mail1 on mail2.

+

A little bit of setup is required for ldirectord to manage the web page load balancing. Create a text file in the root of the web server (usually "/var/www") called "ldirectord.txt", containing the string "ldirectord"; as before, this was configured in the ldirectord.cf file on lbX:

+

mailX # echo "ldirectord" > /var/www/ldirectord.txt

+

As is good practice, drop back out of root to your unprivileged user now:

+

mailX # exit +mailX $

+

5b) Setting up LDAP multi-master replication

+

Chapter source: http://www.openldap.org/doc/admin24/replication.html

+

Once the install completes on mail2, we can proceed with configuring LDAP in a multi-master replication between mail1 and mail2 (and mail3 if you desire).

+

Start by stopping the slapd service on both hosts:

+

mailX $ sudo service slapd stop

+

Edit the /etc/ldap/slapd.conf file on both hosts:

+

mailX $ sudo vim /etc/ldap/slapd.conf

+

Make the following changes:

+

i) under the "# Modules." section, add:

+

moduleload syncprov

+

ii) at the end of the file, add:

+
# Multi master replication
+ServerID        1 "ldap://mail1.example.net"
+ServerID        2 "ldap://mail2.example.net"
+overlay         syncprov
+syncprov-checkpoint     10 1
+syncprov-sessionlog     100
+syncrepl        rid=1
+                provider="ldap://mail1.local"
+                type=refreshAndPersist
+                interval=00:00:00:10
+                retry="5 10 60 +"
+                timeout=1
+                schemachecking=off
+                searchbase="dc=bonilan,dc=net"
+                scope=sub 
+                bindmethod=simple
+                binddn="cn=Manager,dc=example,dc=net"
+                credentials="<LDAP rootdn password in plaintext>"
+syncrepl        rid=2
+                provider="ldap://mail2.local"
+                type=refreshAndPersist
+                interval=00:00:00:10
+                retry="5 10 60 +"  
+                timeout=1 
+                schemachecking=off
+                scope=sub 
+                searchbase="dc=bonilan,dc=net"
+                bindmethod=simple
+                binddn="cn=Manager,dc=example,dc=net"
+                credentials="<LDAP rootdn password in plaintext>"
+MirrorMode      on
+
+ + +

You can now start slapd on mail1:

+
mail1 $ sudo service slapd start
+
+ +

It should start normally; now, start it on mail2:

+
mail2 $ sudo service slapd start
+
+ +

Since you used the same "config" file for both, all the data should match up and you will now have a functioning, replicated LDAP setup. Test it out by using iRedAdmin to add data on mail1, and check if it exists on mail2. If it does, congratulations! You have a fully HA iRedMail setup.

+

Final notes

+

You now have a fully-functional cluster. All data is HA, and can tolerate the failure of any one set of nodes without interruption of service, either on the user or administrator side. You can now set up your first virtual domain (example.net) with some users, and configure DNS for it:

+
example.net     IN  MX  1 mail1.example.net
+example.net     IN  MX  1 mail2.example.net
+mail.example.net    IN  A   1.1.1.12
+smtp.example.net    IN  A   1.1.1.12
+imap.example.net    IN  A   1.1.1.12
+pop.example.net     IN  A   1.1.1.12
+
+ +

With this setup, your incoming mail will be redirected to one of either mail1 or mail2, where Postfix will filter and deliver it to the LDAP-backed mailbox of the domain user. Stored on NFS, that user can then access the mail using HTTP/S webmail, IMAPS, or POPS on the VIP, which will redirect to one of the two servers based on load and availability. The Dovecot session will use the syncronized MySQL backend to ensure consistency, and will read the data from the shared Maildir regardless of which real server the user is connected to. Try it out with a few users, and tinker with the settings to get it just perfect for you. And voila! A HA mail solution in under 6000 words!

+ + +
Copyright (C)  2014  JOSHUA BONIFACE.
+Permission is granted to copy, distribute and/or modify this document
+under the terms of the GNU Free Documentation License, Version 1.3
+or any later version published by the Free Software Foundation;
+with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.
+A copy of the license is included in the section entitled "GNU
+Free Documentation License". --- https://gnu.org/licenses/fdl.html
+
+ +

Joshua Boniface is a Linux system administrator from Burlington, ON, Canada, specializing in Debian-based distributions. He can be found online under the handle "djbon2112", via his e-mail address joshua boniface me, and at his website (under construction) http://www.boniface.me.


If you found something wrong in this document, please do contact us to fix it.
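Review bot: The GRANT statements for 'root'@'%', 'debian-sys-maint'@'%' and 'admin_iredmail'@'%' appear in this file as `ON . TO ... IDENTIFIED BY ''`, so both the privilege target and the password placeholder are missing. A reader who repairs only the target ends up with a wildcard-host superuser and an empty password on a server configured with bind-address=0.0.0.0. Please check that these two tokens survive the Markdown-to-HTML conversion, for example by escaping them or keeping the statements in a code block. In the slapd.conf block, both syncrepl stanzas use searchbase="dc=bonilan,dc=net" while binddn is "cn=Manager,dc=example,dc=net"; the searchbase should use the example suffix as well. Those stanzas also send the rootdn password with bindmethod=simple over plain ldap://, so the text should at least mention a dedicated replication DN and TLS between mail1 and mail2. Two smaller points: "/etc/mysql.debian.cnf" in step ii) should be "/etc/mysql/debian.cnf" as written earlier in the chapter, and describing wsrep_cluster_name as "in effect a shared secret" overstates it, since it is a name the nodes must agree on and not an authentication mechanism.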

\ No newline at end of file diff --git a/html/ignore.trash.folder.in.quota.html b/html/ignore.trash.folder.in.quota.html new file mode 100644 index 00000000..d6257016 --- /dev/null +++ b/html/ignore.trash.folder.in.quota.html @@ -0,0 +1,64 @@ + + + + Ignore Trash folder in mailbox quota + + + + +

Ignore Trash folder in mailbox quota

+

Per-user mailbox quota rule is defined in Dovecot, in one of below files:

+ +

If no per-user quota rules found, Dovecot will use 'quota_rule[X]' defined in +/etc/dovecot/dovecot.conf. For example:

+
# File: /etc/dovecot/dovecot.conf
+
+plugin {                                                                        
+
+    quota = dict:user::proxy::quotadict
+    quota_rule = *:storage=1G
+    #quota_rule2 = *:messages=0
+    #quota_rule3 = Trash:storage=1G
+    #quota_rule4 = Junk:ignore
+
+    ...
+}
+
+ +

So, if you want to ignore quota of Trash folder, you can add new quota_rule +in either /etc/dovecot/dovecot.conf or /etc/dovecot/dovecot-{mysql,pgsql,ldap}.conf.

+ +
# File: /etc/dovecot/dovecot.conf
+
+plugin {                                                                        
+
+    quota = dict:user::proxy::quotadict
+    quota_rule = *:storage=1G
+    quota_rule2 = Trash:ignore
+
+    ...
+}
+
+ + +
# File: /etc/dovecot/dovecot-ldap.conf
+user_attrs      = ...,mailQuota=quota_rule=*:bytes=%$,=quota_rule2=Trash:ignore
+
+# File: /etc/dovecot/dovecot-mysql.conf, or dovecot-pgsql.conf
+user_query = SELECT ... \
+                   CONCAT('*:bytes=', mailbox.quota*1048576) AS quota_rule \
+                   'Trash:ignore' AS quota_rule2 \
+                   FROM ...
+

If you found something wrong in this document, please do contact us to fix it.
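Review bot: In the dovecot-mysql.conf / dovecot-pgsql.conf example, the user_query has no comma between `CONCAT('*:bytes=', mailbox.quota*1048576) AS quota_rule` and `'Trash:ignore' AS quota_rule2`, so the query will not parse when copied as shown. Add the comma before the line continuation. It would also help to say that this fragment replaces the existing quota column in user_query rather than being appended to it, since the surrounding `SELECT ...` and `FROM ...` are elided.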

\ No newline at end of file diff --git a/images/Markasjunk2_toolbar_button.png b/html/images/Markasjunk2_toolbar_button.png similarity index 100% rename from images/Markasjunk2_toolbar_button.png rename to html/images/Markasjunk2_toolbar_button.png diff --git a/images/README b/html/images/README similarity index 100% rename from images/README rename to html/images/README diff --git a/images/Thunderbird.imap.png b/html/images/Thunderbird.imap.png similarity index 100% rename from images/Thunderbird.imap.png rename to html/images/Thunderbird.imap.png diff --git a/images/Thunderbird.new.mail.account.png b/html/images/Thunderbird.new.mail.account.png similarity index 100% rename from images/Thunderbird.new.mail.account.png rename to html/images/Thunderbird.new.mail.account.png diff --git a/images/Thunderbird.new.mail.account.setup.png b/html/images/Thunderbird.new.mail.account.setup.png similarity index 100% rename from images/Thunderbird.new.mail.account.setup.png rename to html/images/Thunderbird.new.mail.account.setup.png diff --git a/images/Thunderbird.pop3.png b/html/images/Thunderbird.pop3.png similarity index 100% rename from images/Thunderbird.pop3.png rename to html/images/Thunderbird.pop3.png diff --git a/images/Thunderbird.smtp.png b/html/images/Thunderbird.smtp.png similarity index 100% rename from images/Thunderbird.smtp.png rename to html/images/Thunderbird.smtp.png diff --git a/html/index.html b/html/index.html new file mode 100644 index 00000000..28d5f3a4 --- /dev/null +++ b/html/index.html @@ -0,0 +1,60 @@ + + + + iRedMail Documentations + + + + +

We're working on migrating old wiki documents to Markdown format for easier maintenance.

+

Install iRedMail

+ +

How to

+ +

Third-party integrations.

+ +

Cluster solutions

+ +

Backup, restore and migration

+ +

Troubleshooting and Debug

+ +

Frequently Asked Questions

+

If you found something wrong in this document, please do contact us to fix it.

\ No newline at end of file diff --git a/html/ldap.add.alias.domain.html b/html/ldap.add.alias.domain.html new file mode 100644 index 00000000..a83b3812 --- /dev/null +++ b/html/ldap.add.alias.domain.html @@ -0,0 +1,60 @@ + + + + LDAP: Add an alias domain + + + + +

LDAP: Add an alias domain

+

What an alias domain is used for?

+

Let's say you have a mail domain example.com hosted on your iRedMail server, +if you add domain name domain.ltd as an alias domain of example.com, all +emails sent to username@domain.ltd will be delivered to user +username@example.com's mailbox.

+

Add alias domain with iRedAdmin-Pro

+

With iRedAdmin-Pro, you can simply add alias domain name in domain profile page, +under tab Aliases.

+

Screenshot:

+

+

How to add an alias domain with phpLDAPadmin:

+ +

Now you should add addition mail address for all mail users, lists, aliases. +For example, if you have mail user user@example.com, you should add addition +email address user@domain.ltd for this user. Steps:

+ +

If you have several mail accounts (mail users, lists, aliases), you have to +add addition email address for them all.


If you found something wrong in this document, please do contact us to fix it.

\ No newline at end of file diff --git a/html/ldap.add.mail.alias.html b/html/ldap.add.mail.alias.html new file mode 100644 index 00000000..13c8a3ea --- /dev/null +++ b/html/ldap.add.mail.alias.html @@ -0,0 +1,42 @@ + + + + LDAP: Add a mail alias account + + + + +

LDAP: Add a mail alias account

+ +

WARNING: Attribute enabledService requires two values: mail, deliver.

+

If you found something wrong in this document, please do contact us to fix it.

\ No newline at end of file diff --git a/html/ldap.add.mail.list.html b/html/ldap.add.mail.list.html new file mode 100644 index 00000000..115ba8b2 --- /dev/null +++ b/html/ldap.add.mail.list.html @@ -0,0 +1,90 @@ + + + + LDAP: Add a mail list account + + + + +

LDAP: Add a mail list account

+

Add mail list with iRedAdmin-Pro

+

With iRedAdmin-Pro, you can easily add mail list account by click menu: +Add -> Mail List in main navigation bar.

+

Add mail list with phpLDAPadmin

+ +

+ Choose mailList in ObjectClasses list, then click Proceed. + Select mail as RDN, fill necessary values of attributes:

+
dn: mail=demolist@demo.iredmail.org,ou=Groups,domainName=demo.iredmail.org,o=domains,dc=iredmail,dc=org
+accountStatus: active
+cn: demolist
+enabledService: mail
+enabledService: deliver
+enabledService: displayedInGlobalAddressBook
+mail: demolist@demo.iredmail.org
+objectClass: mailList
+
+ +

Now switch to ou=Users under you domain LDAP dn in left panel.

+ +

You can add as many memberOfGroup=xxx as you want, which means this user is assigned to many mail lists.

+

Here's sample to add external users as mail list members:

+
dn: memberOfGroup=demolist@demo.iredmail.org,ou=Externals,domainName=demo.iredmail.org,o=domains,dc=iredmail,dc=org
+accountstatus: active
+enabledservice: mail
+enabledservice: deliver
+mail: user01@external.com
+mail: user02@external.com
+memberofgroup: demolist@demo.iredmail.org
+objectclass: mailExternalUser
+
+ +

IMPORTANT NOTE: If you don't have any mail list member, Postfix will report error like below:

+
Aug  1 15:45:42 mail postfix/smtpd[6024]: NOQUEUE: reject: RCPT from unknown[1.1.1.1]: 550 5.1.1
+<it@domain1.ru>: Recipient address rejected: User unknown in virtual mailbox table; from=<test@domain1.ru>
+ to=<it@domain1.ru> proto=ESMTP helo=<[2.2.2.2]>
+
+ +

Mail list access policies

+

You can restrict who can send email to this mailing list by adding LDAP attribute accessPolicy. For example:

+
dn: mail=demolist@demo.iredmail.org,ou=Groups,domainName=demo.iredmail.org,o=domains,dc=iredmail,dc=org
+accesspolicy: domain
+...
+
+ +

This access restriction is implemented in iRedAPD (a simple Postfix policy +server), iRedMail has it enabled by default.

+

Available access policies are:

+

If you found something wrong in this document, please do contact us to fix it.

\ No newline at end of file diff --git a/html/ldap.user.mail.forwarding.html b/html/ldap.user.mail.forwarding.html new file mode 100644 index 00000000..087dad1a --- /dev/null +++ b/html/ldap.user.mail.forwarding.html @@ -0,0 +1,47 @@ + + + + LDAP: User mail forwarding. + + + + +

LDAP: User mail forwarding.

+

Set mail forwarding with iRedAdmin-Pro

+

With iRedAdmin-Pro, you can simply add mail forwarding addresses in user +profile page, under tab Forwarding.

+

Screenshot:

+

+

Set mail forwarding with phpLDAPadmin

+

To forward emails to other email addresses, you can add value in LDAP attribute +mailForwardingAddress of user object.

+

For example, if you want to forward all emails sent to user@domain.ltd to +two addresses: forward@domain.ltd, user@gmail.com. Steps:

+
    +
  1. +

    Login to phpLDAPadmin (https://[your_server]/phpldapadmin ) as LDAP root dn +cn=Manager,dc=xx,dc=xx or 'cn=vmailadmin,dc=xx,dc=xx'.

    +
  2. +
  3. +

    Find the LDAP object of email account which you want to forward emails in +left panel of phpLDAPadmin, click the ldap object, phpLDAPadmin will show you +detailed LDAP attributes/values in right panel.

    +
  4. +
  5. +

    Add a new LDAP attribute mailForwardingAddress to this mail account, set +value to first forwarding address forward@domain.ltd.

    +
  6. +
  7. +

    Repeat step #3, add another email address: user@gmail.com.

    +
  8. +
  9. +

    Save your changes.

    +
  10. +
+

Now all emails sent to user@domain.ltd will be forwarded to both +forward@domain.ltd and user@gmail.com.

+

If you want to save a copy of forwarded email, please add 'user@domain.ltd' as addition value of LDAP attribute 'mailForwardingAddress'.


If you found something wrong in this document, please do contact us to fix it.

\ No newline at end of file diff --git a/html/migrate.or.upgrade.iredadmin.html b/html/migrate.or.upgrade.iredadmin.html new file mode 100644 index 00000000..75185a48 --- /dev/null +++ b/html/migrate.or.upgrade.iredadmin.html @@ -0,0 +1,58 @@ + + + + Migrate iRedAdmin open source edition to iRedAdmin-Pro + + + + +

Migrate iRedAdmin open source edition to iRedAdmin-Pro

+
+ +
+

This tutorial describes how to migrate iRedAdmin open source edition or old +iRedAdmin-Pro release to the latest iRedAdmin-Pro (full-featured edition).

+

Requirements

+ +

Upgrade Steps

+ +
# cd /root/
+# tar xjf iRedAdmin-Pro-x.y.z.tar.bz2
+# cd iRedAdmin-Pro-x.y.z/tools/
+# bash upgrade_iredadmin.sh
+
+ +

That's all. If it doesn't work for you, please post a new topic in our +online support forum.

+

Addition optional steps

+

If you found something wrong in this document, please do contact us to fix it.

\ No newline at end of file diff --git a/html/migrate.to.new.iredmail.server.html b/html/migrate.to.new.iredmail.server.html new file mode 100644 index 00000000..514926d1 --- /dev/null +++ b/html/migrate.to.new.iredmail.server.html @@ -0,0 +1,137 @@ + + + + Migrate old iRedMail server to the latest stable release + + + + +

Migrate old iRedMail server to the latest stable release

+
+ +
+

WARNING: Please try it on a test server first. if it works well, then try it on product server.

+

Since new iRedMail server will install same components as old server, you can choose what data you want to migrate. Most important data are:

+ +

WARNING: Do not restore database mysql exported from old server, it contains SQL usernames/passwords for Roundcube/Amavisd/Policyd/Cluebringer used on old server. New iRedMail server has the same SQL usernames, but different passwords. So please do not restore it.

+

Client settings (Outlook, Thunderbird)

+

Since iRedMail-0.8.7, iRedMail enforces secure POP3/IMAP/SMTP connections. +Mail client programs must issue 'STARTTLS' command before authentication, +so please update your mail client programs you must change your mail client +programs (e.g. Outlook, Thunderbird) to use TLS connection.

+ +

Addition notes:

+ +

LDAP: migrate mail accounts

+

Steps to migrate LDAP mail accounts:

+ +

Normally, LDAP data can be exported into LDIF format. Here's backup/export script: http://www.iredmail.org/wiki/index.php?title=IRedMail/FAQ/Backup

+

Note: + There might be some changes in LDAP schema, please find scripts in below URL to apply all required changes: https://bitbucket.org/zhb/iredmail/src/default/extra/update/ + You can find all upgrade tutorials of iRedMail here: http://www.iredmail.org/doc.html#upgrade_tutorial

+

MySQL/PostgreSQL: Migrate mail accounts

+

All mail accounts are stored in database vmail by default, to migrate mail +accounts, you can simply export this database on old server, then import it +on new server.

+

IMPORTANT NOTE: iRedMail-0.8.7 drops several SQL columns, so before you +import backup SQL database, please add them first. It's safe to drop them +after you imported old database on new server.

+
mysql> USE vmail;
+
+mysql> ALTER TABLE mailbox ADD COLUMN bytes BIGINT(20) NOT NULL DEFAULT 0;
+mysql> ALTER TABLE mailbox ADD COLUMN messages BIGINT(20) NOT NULL DEFAULT 0;
+
+mysql> ALTER TABLE domain ADD COLUMN defaultlanguage VARCHAR(5) NOT NULL DEFAULT 'en_US';
+mysql> ALTER TABLE domain ADD COLUMN defaultuserquota BIGINT(20) NOT NULL DEFAULT '1024';
+mysql> ALTER TABLE domain ADD COLUMN defaultuseraliases TEXT;
+mysql> ALTER TABLE domain ADD COLUMN disableddomainprofiles VARCHAR(255) NOT NULL DEFAULT '';
+mysql> ALTER TABLE domain ADD COLUMN disableduserprofiles VARCHAR(255) NOT NULL DEFAULT '';
+mysql> ALTER TABLE domain ADD COLUMN defaultpasswordscheme VARCHAR(10) NOT NULL DEFAULT '';
+mysql> ALTER TABLE domain ADD COLUMN minpasswordlength INT(10) NOT NULL DEFAULT 0;
+mysql> ALTER TABLE domain ADD COLUMN maxpasswordlength INT(10) NOT NULL DEFAULT 0;
+
+mysql> ALTER TABLE alias ADD COLUMN islist TINYINT(1) NOT NULL DEFAULT 0;
+
+ +

After imported backup SQL databases, please execute below commands to mark +mail alias accounts and drop above newly created columns:

+
mysql> USE vmail;
+mysql> UPDATE alias SET islist=1 WHERE address NOT IN (SELECT username FROM mailbox);
+mysql> UPDATE alias SET islist=0 WHERE address=domain;    -- domain catch-all account
+
+-- Store values into new column: domain.settings and drop them
+mysql> UPDATE domain SET settings='';
+mysql> UPDATE domain SET settings=CONCAT(settings, IF(defaultlanguage IS NULL OR defaultlanguage='', '', CONCAT('default_language:', defaultlanguage, ';')));
+mysql> UPDATE domain SET settings=CONCAT(settings, IF(defaultuserquota IS NULL OR defaultuserquota=0, '', CONCAT('default_user_quota:', defaultuserquota, ';')));
+mysql> UPDATE domain SET settings=CONCAT(settings, IF(defaultuseraliases IS NULL OR defaultuseraliases='', '', CONCAT('default_groups:', defaultuseraliases, ';')));
+mysql> UPDATE domain SET settings=CONCAT(settings, IF(minpasswordlength IS NULL OR minpasswordlength=0, '', CONCAT('min_passwd_length:', minpasswordlength, ';')));
+mysql> UPDATE domain SET settings=CONCAT(settings, IF(maxpasswordlength IS NULL OR maxpasswordlength=0, '', CONCAT('max_passwd_length:', maxpasswordlength, ';')));
+mysql> UPDATE domain SET settings=CONCAT(settings, IF(disableddomainprofiles IS NULL OR disableddomainprofiles='', '', CONCAT('disabled_domain_profiles:', disableddomainprofiles, ';')));
+mysql> UPDATE domain SET settings=CONCAT(settings, IF(disableduserprofiles IS NULL OR disableduserprofiles='', '', CONCAT('disabled_user_profiles:', disableduserprofiles, ';')));
+
+mysql> ALTER TABLE domain DROP defaultlanguage;
+mysql> ALTER TABLE domain DROP defaultuserquota;
+mysql> ALTER TABLE domain DROP defaultuseraliases;
+mysql> ALTER TABLE domain DROP minpasswordlength;
+mysql> ALTER TABLE domain DROP maxpasswordlength;
+mysql> ALTER TABLE domain DROP disableddomainprofiles;
+mysql> ALTER TABLE domain DROP disableduserprofiles;
+
+ +

IMPORTANT NOTE: There might be some changes in SQL structure, please read +all upgrade tutorials for your current iRedMail release, then apply SQL +structure related changes. For example: +http://www.iredmail.org/wiki/index.php?title=Upgrade/iRedMail/0.7.4-0.8.0#Add_internal_service_required_by_Doveadm_2

+

Migrate mailboxes (Maildir format)

+ +

WARNING: please make sure maildir path stored in SQL/LDAP matches the mailbox +path on file system, so that mail clients can find imported emails.

+

Migrate Roundcube webmail data

+

If you found something wrong in this document, please do contact us to fix it.
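Review bot: In the MySQL/PostgreSQL section, the first block adds domain.defaultpasswordscheme, mailbox.bytes and mailbox.messages, but the second block neither copies defaultpasswordscheme into domain.settings nor drops any of the three, although the text says to "drop above newly created columns". Either add the missing UPDATE and DROP statements or state that these columns are meant to stay. The "Client settings" paragraph also carries a duplicated clause ("so please update your mail client programs you must change your mail client programs") that should be reduced to one instruction about switching clients to STARTTLS.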

\ No newline at end of file diff --git a/html/monitor.incoming.and.outgoing.mails.with.bcc.html b/html/monitor.incoming.and.outgoing.mails.with.bcc.html new file mode 100644 index 00000000..a225e29c --- /dev/null +++ b/html/monitor.incoming.and.outgoing.mails.with.bcc.html @@ -0,0 +1,65 @@ + + + + Monitor incoming and outgoing mails with BCC + + + + +

Monitor incoming and outgoing mails with BCC

+
+ +
+

This tutorial describes how to configure your iRedMail server (OpenLDAP backend) +to monitor incoming and outgoing mails with BCC, via iRedAdmin-Pro or phpLDAPadmin.

+

Manage BCC settings with iRedAdmin-Pro

+

With iRedAdmin-Pro, you can configure BCC easily.

+ +

Manage BCC settings with phpLDAPadmin or other LDAP client tools

+ +
# per-domain sender bcc
+enabledService=senderbcc
+domainSenderBccAddress=user@domain.com
+
+# per-domain recipient bcc
+enabledService=recipientbcc
+domainRecipientBccAddress=user@domain.com
+
+ + +
# per-domain sender bcc
+enabledService=senderbcc
+userSenderBccAddress=user@domain.com
+
+# per-domain recipient bcc
+enabledService=recipientbcc
+userRecipientBccAddress=user@domain.com
+
+ +

Screenshot of iRedAdmin-Pro

+

Per-domain bcc settings: +

+

Per-user bcc settings: +


If you found something wrong in this document, please do contact us to fix it.
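Review bot: The per-user block repeats the per-domain comments: `# per-domain sender bcc` sits above `userSenderBccAddress` and `# per-domain recipient bcc` above `userRecipientBccAddress`. Both comments should read per-user, otherwise a reader copying the second block cannot tell which scope it applies to.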

\ No newline at end of file diff --git a/html/password.hashes.html b/html/password.hashes.html new file mode 100644 index 00000000..92de2d28 --- /dev/null +++ b/html/password.hashes.html @@ -0,0 +1,70 @@ + + + + Password hashes + + + + +

Password hashes

+

Password hashes supported by iRedMail

+

iRedMail configures Postfix to use Dovecot as SASL authenticate server, so all +password schemes supported by Dovecot can be used in iRedMail. Please refer to +Dovecot wiki page +Password Schemes for more details.

+

Below password schemes are supported in iRedAdmin-Pro (which means you can add new mail user with either one):

+ +

NOTE: Dovecot claims it supports SSHA512, but I didn't get it work. +Please test it first if you choose SSHA512.

+

Default password schemes used in iRedMail

+ +

How to use different password hashes in iRedMail

+

For MySQL and PostgreSQL backends

+

All mail users are stored in SQL table vmail.mailbox, user password is stored +in SQL column mailbox.password. For example:

+
sql> UPDATE mailbox SET password='$1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250' WHERE username='xx@xx';
+sql> UPDATE mailbox SET password='{SSHA}OuCrqL2yWwQIu8a9uvyOQ5V/ZKfL7LJD' WHERE username='xx@xx';
+sql> UPDATE mailbox SET password='{SSHA512}FxgXDhBVYmTqoboW+ibyyzPv/wGG7y4VJtuHWrx+wfqrs/lIH2Qxn2eA0jygXtBhMvRi7GNFmL++6aAZ0kXpcy1fxag=' WHERE username='xx@xx';
+
+ + +
sql> UPDATE mailbox SET password='{PLAIN-MD5}0d2bf3c712402f428d48fed691850bfc' WHERE username='xx@xx';
+
+ + +

For LDAP backends

+

User password is stored in attribute userPassword of user object.

+ +

IMPORTANT NOTE: If you want to input password hash with phpLDAPadmin, +please choose clear in the password hash list, then input password hash.


If you found something wrong in this document, please do contact us to fix it.
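Review bot: The SQL examples present `$1$...`, `{SSHA}`, `{SSHA512}` and `{PLAIN-MD5}` side by side with no guidance on which to prefer. `{PLAIN-MD5}` is an unsalted MD5 digest, so identical passwords produce identical stored values and the hash is cheap to brute-force; the page should say that and recommend a salted scheme. The `{SSHA512}` example also contradicts the note above it that SSHA512 could not be made to work, so either drop the example or state the setup it was tested on.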

\ No newline at end of file diff --git a/html/pipe.incoming.email.for.certain.user.to.external.script.html b/html/pipe.incoming.email.for.certain.user.to.external.script.html new file mode 100644 index 00000000..b61c9d92 --- /dev/null +++ b/html/pipe.incoming.email.for.certain.user.to.external.script.html @@ -0,0 +1,81 @@ + + + + Pipe incoming email for certain user to external script + + + + +

Pipe incoming email for certain user to external script

+

This tutorial explains how to pipe incoming email for certain user to external script.

+

Configure Postfix to use your external script as transport

+

To pipe incoming emails to external script, you must add your external script +as Postfix transport program. Please add below line at the bottom of Postfix +config file /etc/postfix/master.cf:

+
external-pipe   unix    -   n   n   -   -   pipe
+    flags= user=vmail:vmail argv=/path/to/your/external/script.sh
+
+ +

Note:

+ +
external-pipe   unix    -   n   n   -   -   pipe
+    flags=DRhu user=vmail:vmail argv=/path/to/your/external/script.sh -f ${sender} -d ${user}@${domain} -m ${extension}
+
+ + +

Now restart Postfix service to make this new transport available:

+
# /etc/init.d/postfix restart
+
+ +

Update per-user transport to use this new transport

+

We need to update per-user transport setting, so that all emails delivered to +this user will be piped to this new transport - your script.

+ +
sql> USE vmail;
+sql> UPDATE mailbox SET transport='external-pipe' WHERE username='user@domain.ltd';
+
+ +

That's all.


If you found something wrong in this document, please do contact us to fix it.
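Review bot: The second `master.cf` example passes `${sender}`, `${user}@${domain}` and `${extension}` to `script.sh` as arguments, and the sender address and the address extension are chosen by whoever sends the mail. The page should state that the script must treat these arguments and the message it receives as untrusted input (quote every expansion, never feed them to `eval` or build commands from them), particularly since the transport runs it as `user=vmail:vmail`.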

\ No newline at end of file diff --git a/html/quarantining.html b/html/quarantining.html new file mode 100644 index 00000000..b553f547 --- /dev/null +++ b/html/quarantining.html @@ -0,0 +1,140 @@ + + + + Quarantining + + + + +

Quarantining

+
+ +
+

Summary

+

Since iRedMail-0.7.0, quarantining related settings in Amavisd are configured +by iRedMail but disabled by default, you can easily enable quarantining with +this tutorial.

+

With below steps, Virus/Spam/Banned emails will be quarantined into SQL database. +You can then manage quarantined emails with iRedAdmin-Pro.

+

Update Amavisd config file to enable normal quarantining

+

Edit Amavisd config file, find below settings and update them. If it doesn't +exist, please add them.

+ +
# File: amavisd.conf
+
+# Change below 3 parameters to D_DISCARD.
+$final_virus_destiny = D_DISCARD;
+$final_spam_destiny = D_DISCARD;
+$final_banned_destiny = D_DISCARD;
+
+# Quarantine SPAM into SQL server.
+$spam_quarantine_to = 'spam-quarantine';
+$spam_quarantine_method = 'sql:';
+
+# Quarantine VIRUS into SQL server.
+$virus_quarantine_to = 'virus-quarantine';
+$virus_quarantine_method = 'sql:';
+
+# Quarantine BANNED emails into SQL server.
+$banned_quarantine_to = 'banned-quarantine';
+$banned_files_quarantine_method = 'sql:';
+
+ +

Also, make sure you have below lines configured in same config file:

+
# For MySQL
+@storage_sql_dsn = (
+    ['DBI:mysql:database=amavisd;host=127.0.0.1;port=3306', 'amavisd', 'password'],
+);
+
+# For PostgreSQL
+#@storage_sql_dsn = (
+#    ['DBI:Pg:database=amavisd;host=127.0.0.1;port=5432', 'amavisd', 'password'],
+#);
+
+ +

Restart amavisd service to make it work.

+

Configure iRedAdmin-Pro to manage quarantined mails

+

Update iRedAdmin-Pro config file, make sure you have correct settings for Amavisd:

+ +
# File: settings.py
+
+amavisd_db_host = '127.0.0.1'
+amavisd_db_port = 3306
+amavisd_db_name = 'amavisd'
+amavisd_db_user = 'amavisd'
+amavisd_db_password = 'password'
+
+amavisd_enable_logging = True
+
+amavisd_enable_quarantine = True
+amavisd_quarantine_port = 9998
+
+# This setting is used for per-recipient spam policy
+amavisd_enable_policy_lookup = True
+
+ +

Restart Apache web server to make it work.

+

You can now login to iRedAdmin-Pro, and manage quarantined mails via menu +System -> Quarantined Mails. Choose action in drop-down menu list to release +or delete them.

+

Screenshots attached at the bottom.

+

Quarantine clean emails

+

If you want to quarantine clean emails into SQL database for further approval +or whatever reason, please try below steps:

+ +
# File: /etc/amavisd/amavisd.conf
+
+$clean_quarantine_method = 'sql:';
+$clean_quarantine_to = 'clean-quarantine';
+
+ + +
$policy_bank{'MYUSERS'} = {
+    ...
+    clean_quarantine_method => 'sql:',
+    final_destiny_by_ccat => {CC_CLEAN, D_DISCARD},
+}
+
+ + +

Now all clean emails sent by your mail users will be quarantined into SQL +database.

+

Screenshots

+ +

+ +


If you found something wrong in this document, please do contact us to fix it.
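Review bot: In the `$policy_bank{'MYUSERS'}` block, `final_destiny_by_ccat => {CC_CLEAN, D_DISCARD}` means clean mail from local users is stored in quarantine and not delivered, but the closing sentence only says it "will be quarantined". State explicitly that recipients receive nothing until the message is released. The block also ends with a bare `}`; as a Perl assignment it needs a terminating `;` to be safe to paste into amavisd.conf.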

\ No newline at end of file diff --git a/html/recalculate.mailbox.quota.html b/html/recalculate.mailbox.quota.html new file mode 100644 index 00000000..15f31d72 --- /dev/null +++ b/html/recalculate.mailbox.quota.html @@ -0,0 +1,34 @@ + + + + Force Dovecot to recalculate mailbox quota + + + + +

Force Dovecot to recalculate mailbox quota

+

iRedMail enables dict quota since iRedMail-0.7.0, dict quota is recalculated +only if the quota goes below zero

+ +
mysql> USE vmail;
+mysql> DELETE FROM used_quota WHERE username='user@domain.ltd';
+
+ + +
mysql> USE iredadmin;
+mysql> DELETE FROM used_quota WHERE username='user@domain.ltd';
+
+ +

Re-login via POP3/IMAP (or webmail) will trigger Dovecot to recalculate mailbox +quota.

+

TIP: it's safe to delete records in SQL table used_quota if mail user +was deleted in table vmail.mailbox or LDAP. iRedAdmin-Pro will handle this +for you automatically.


If you found something wrong in this document, please do contact us to fix it.

\ No newline at end of file diff --git a/html/sogo-centos-6-mysql.html b/html/sogo-centos-6-mysql.html new file mode 100644 index 00000000..b83ce900 --- /dev/null +++ b/html/sogo-centos-6-mysql.html @@ -0,0 +1,138 @@ + + + + SOGo: How to install SOGo on CentOS 6 with iRedMail (MySQL backend) + + + + +

SOGo: How to install SOGo on CentOS 6 with iRedMail (MySQL backend)

+
+ +
+

Requirements

+ +

Install SOGo

+ +
# yum repolist | grep -i 'epel'
+epel              Extra Packages for Enterprise Linux 6 - x86_64          11,109
+
+ + +
[SOGo]
+name=Inverse SOGo Repository
+baseurl=http://inverse.ca/downloads/SOGo/RHEL6/$basearch
+gpgcheck=0
+
+ + +
# yum install sogo sope49-gdl1-mysql sogo-activesync libwbxml
+
+ +

Create SQL database to store SOGo data

+
$ mysql -u root -p
+
+mysql> CREATE DATABASE sogo CHARSET='UTF8';
+mysql> GRANT ALL ON sogo.* TO sogo@localhost IDENTIFIED BY 'password';
+
+-- TODO
+mysql> GRANT SELECT ON vmail.mailbox TO sogo@localhost;
+
+mysql> CREATE VIEW sogo.sogo_users (c_uid, c_name, c_password, c_cn, mail, home) AS SELECT username, username, password, name, username, maildir FROM vmail.mailbox;
+
+ +

Configure SOGo

+

Default SOGo config file is /etc/sogo/sogo.conf:

+
(
+    WOPort = 127.0.0.1:20000;
+
+    SOGoProfileURL = "mysql://sogo:password@localhost:3306/sogo/sogo_user_profile";
+    OCSFolderInfoURL = "mysql://sogo:password@localhost:3306/sogo/sogo_folder_info";
+    OCSSessionsFolderURL = "mysql://sogo:password@localhost:3306/sogo/sogo_sessions_folder";
+
+    SOGoIMAPServer = "127.0.0.1";
+    SOGoDraftsFolderName Drafts
+    SOGoSentFolderName Sent
+    SOGoTrashFolderName Trash
+
+    SOGoMailingMechanism = smtp;
+    SOGoSMTPServer = 127.0.0.1;
+
+    // Enable managesieve service
+    SOGoSieveServer = sieve://127.0.0.1:4190;
+    SOGoSieveScriptsEnabled = YES;
+    SOGoVacationEnabled = YES;
+
+    SOGoMemcachedHost = 127.0.0.1;
+
+    SOGoTimeZone = "Europe/Berlin";
+
+    SOGoFirstDayOfWeek = 1;
+
+    SOGoMailMessageCheck = every_5_minutes;
+    SOGoForceExternalLoginWithEmail = YES;
+    SOGoAppointmentSendEMailNotifications = YES;
+    SOGoFoldersSendEMailNotifications = YES;
+    SOGoACLsSendEMailNotifications = YES;
+
+    // OCSEMailAlarmsFolderURL = "mysql://sogo:password@localhost:3306/sogo/sogo_alarms_folder";
+
+    SOGoPasswordChangeEnabled = YES;
+
+    SOGoUserSources =
+    (
+        {
+            type = sql;
+            id = directory;
+            viewURL = "mysql://sogo:password@127.0.0.1:3306/sogo/sogo_users";
+            canAuthenticate = YES;
+            isAddressBook = YES;
+            userPasswordAlgorithm = md5;
+            prependPasswordScheme = YES;
+        }
+    );
+
+ +

NOTE: SOGo will create required SQL tables automatically +(sogo_user_profile, sogo_folder_info, sogo_sessions_folder, ...), we +don't need to create them manually.

+

Start SOGo and dependent services

+
service sogod start
+service httpd restart
+service memcached start
+
+ +

How to configure client applications

+

Apple Devices

+

URL for calendar service: http://[host]/SOGo/dav/[user]/

+

TODO

+

References


If you found something wrong in this document, please do contact us to fix it.
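Review bot: The `[SOGo]` repository definition sets `gpgcheck=0` with an `http://` baseurl, so the packages pulled in by the following `yum install sogo ...` line are fetched without transport protection and without signature verification. Suggest `gpgcheck=1` with the vendor's signing key, or at least a sentence explaining why verification is off. Separately, in the sample sogo.conf the lines `SOGoDraftsFolderName Drafts`, `SOGoSentFolderName Sent` and `SOGoTrashFolderName Trash` lack the `=` and `;` every other setting has, and the `sogo_users` view exposes the `password` column of `vmail.mailbox` under a grant still marked `-- TODO`; both should be resolved before this page is published.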

\ No newline at end of file diff --git a/html/sql.create.mail.alias.html b/html/sql.create.mail.alias.html new file mode 100644 index 00000000..a25518a7 --- /dev/null +++ b/html/sql.create.mail.alias.html @@ -0,0 +1,30 @@ + + + + SQL: Create an mail alias account with SQL command line + + + + +

SQL: Create an mail alias account with SQL command line

+

To create an mail alias account, you can simply insert a SQL record in table +vmail.alias. For example:

+
sql> USE vmail;
+sql> INSERT INTO alias (address, goto, domain) \
+     VALUES ('original@example.com', \
+             'user1@example.com,user2@example.com,user1@test.com', \
+             'example.com');
+
+ +

NOTES:

+

If you found something wrong in this document, please do contact us to fix it.

\ No newline at end of file diff --git a/html/store.spamassassin.bayes.in.sql.html b/html/store.spamassassin.bayes.in.sql.html new file mode 100644 index 00000000..bc666e0f --- /dev/null +++ b/html/store.spamassassin.bayes.in.sql.html @@ -0,0 +1,203 @@ + + + + Store SpamAssassin bayes in SQL + + + + +

Store SpamAssassin bayes in SQL

+

THIS ARTICLE IS STILL A DRAFT, DO NOT APPLY IT IN PRODUCTION SERVER.

+

Summary

+

This article will guide you to configure related components to store +SpamAssassin Bayes data in SQL server, and allow webmail users to report spam +with one click.

+

Tested with:

+ +

Notes:

+ +

IMPORTANT NOTE:

+ +

Create required SQL database used to store bayes data

+

We need to create a SQL database and necessary tables to store SpamAssassin +bayes data. The RPM package installed on CentOS 6 doesn't ship SQL template +for bayes database, so we have to download it from Apache web site. We're +running SpamAssassin-3.3.1, so what we need is this SQL template file: +http://svn.apache.org/repos/asf/spamassassin/tags/spamassassin_release_3_3_1/sql/bayes_mysql.sql. +If you're running different version, please find the proper SQL file here: +http://svn.apache.org/repos/asf/spamassassin/tags/.

+
# cd /root/
+# wget http://svn.apache.org/repos/asf/spamassassin/tags/spamassassin_release_3_3_1/sql/bayes_mysql.sql
+
+ +

Create MySQL database and import SQL template file:

+
# mysql -uroot -p
+mysql> CREATE DATABASE sa_bayes;
+mysql> USE sa_bayes;
+mysql> SOURCE /root/bayes_mysql.sql;
+
+ +

Create a new MySQL user (with password sa_user_password) and grant +permissions. IMPORTANT NOTE: Please replace password sa_user_password +by your own password.

+
mysql> GRANT SELECT, INSERT, UPDATE, DELETE ON sa_bayes.* TO sa_user@localhost IDENTIFIED BY 'sa_user_password';
+mysql> FLUSH PRIVILEGES;
+
+ +

Enable Bayes modules in SpamAssassin

+

Edit /etc/mail/spamassassin/local.cf, add (or modify below settings):

+
use_bayes          1
+bayes_auto_learn   1
+bayes_auto_expire  1
+
+# Store bayesian data in MySQL
+bayes_store_module Mail::SpamAssassin::BayesStore::MySQL
+bayes_sql_dsn      DBI:mysql:sa_bayes:127.0.0.1:3306
+
+# Store bayesian data in PostgreSQL
+#bayes_store_module Mail::SpamAssassin::BayesStore::PgSQL
+#bayes_sql_dsn      DBI:Pg:sa_bayes:127.0.0.1:5432
+
+bayes_sql_username sa_user
+bayes_sql_password sa_user_password
+
+# Override the username used for storing
+# data in the database. This could be used to group users together to
+# share bayesian filter data. You can also use this config option to
+# trick sa-learn to learn data as a specific user.
+bayes_sql_override_username vmail
+
+ +

Make sure SpamAssassin will load bayes modules:

+
# /etc/init.d/amavisd stop
+# amavisd -c /etc/amavisd/amavisd.conf debug 2>&1 | grep -i 'bayes'
+May 16 09:59:33 ... SpamAssassin loaded plugins: ..., Bayes, ...
+May 16 10:27:38 ... extra modules loaded after daemonizing/chrooting:
+    Mail/SpamAssassin/BayesStore/MySQL.pm, Mail/SpamAssassin/BayesStore/SQL.pm, ...
+
+ +

Looks fine. Now press Ctrl-C to terminate above command.

+

Start Amavisd service:

+
# /etc/init.d/amavisd restart
+
+ +

It is required we initialize the database by learning a message. We use the +sample spam email shipped in the RPM package provided by CentOS 6:

+
# rpm -ql spamassassin | grep 'sample-spam'
+/usr/share/doc/spamassassin-3.3.1/sample-spam.txt
+
+# sa-learn --spam --username=vmail /usr/share/doc/spamassassin-3.3.1/sample-spam.txt
+Learned tokens from 1 message(s) (1 message(s) examined)
+
+ +

Enable Roundcube plugin: markasjunk2

+ +
# cd /var/www/roundcubemail/plugins/markasjunk2/
+# cp config.inc.php.dist config.inc.php
+
+ + +
$rcmail_config['markasjunk2_learning_driver'] = 'cmd_learn';
+$rcmail_config['markasjunk2_read_spam'] = true;
+$rcmail_config['markasjunk2_unread_ham'] = false;
+$rcmail_config['markasjunk2_move_spam'] = true;
+$rcmail_config['markasjunk2_move_ham'] = true;
+$rcmail_config['markasjunk2_mb_toolbar'] = true;
+
+$rcmail_config['markasjunk2_spam_cmd'] = 'sa-learn --spam --username=vmail %f';
+$rcmail_config['markasjunk2_ham_cmd'] = 'sa-learn --ham --username=vmail %f';
+
+ + +
$rcmail_config['plugins'] = array(..., "markasjunk2");
+
+ + +
# OLD SETTING
+# disable_functions =show_source,system,shell_exec,passthru,exec,phpinfo,proc_open ;
+
+# NEW SETTING. exec is removed.
+disable_functions =show_source,system,shell_exec,passthru,phpinfo,proc_open ;
+
+ + +

You will see a new toolbar button after logging into Roundcube webmail:

+

+

Check SQL database sa_bayes before we testing this plugin:

+
# mysql -uroot -p
+mysql> USE sa_bayes;
+mysql> SELECT COUNT(*) FROM bayes_token;
++----------+
+| count(*) |
++----------+
+|       65 |
++----------+
+
+ +

Back to Roundcube webmail, select a spam email (or a testing email), click +Mark as Junk button, then this email will be scanned by command sa-learn. +Check database sa_bayes again to make sure it's working:

+
# mysql -uroot -p
+mysql> USE sa_bayes;
+mysql> SELECT COUNT(*) FROM bayes_token;
++----------+
+| count(*) |
++----------+
+|      143 |
++----------+
+
+ +

Note: You may get different result number as shown above.

+

So far so good. That's all we need to do.

+

References

+

If you found something wrong in this document, please do contact us to fix it.
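Review bot: The `disable_functions` change under `# NEW SETTING. exec is removed.` re-enables `exec` for every PHP application that uses this configuration, not only for the markasjunk2 plugin, and the page does not mention that trade-off. Suggest saying so next to the setting. The earlier step that fetches `bayes_mysql.sql` with `wget` over `http://` and then runs `SOURCE /root/bayes_mysql.sql` in a `mysql -uroot` session also executes an unverified download with full database privileges; recommend reviewing the file before import.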

\ No newline at end of file diff --git a/html/turn.on.debug.mode.in.amavisd.html b/html/turn.on.debug.mode.in.amavisd.html new file mode 100644 index 00000000..67b47c29 --- /dev/null +++ b/html/turn.on.debug.mode.in.amavisd.html @@ -0,0 +1,20 @@ + + + + Turn on debug mode in Amavisd + + + + +

Turn on debug mode in Amavisd

+

In Amavisd config file /etc/amavisd/amavisd.conf, change $log_level, then restart amavis service.

+
$log_level = 5;              # verbosity 0..5, -d
+
+ +

If you want to debug SpamAssassin, please update $sa_debug also:

+
$sa_debug = 1;
+

If you found something wrong in this document, please do contact us to fix it.

\ No newline at end of file diff --git a/html/turn.on.debug.mode.in.cluebringer.html b/html/turn.on.debug.mode.in.cluebringer.html new file mode 100644 index 00000000..63dffb82 --- /dev/null +++ b/html/turn.on.debug.mode.in.cluebringer.html @@ -0,0 +1,29 @@ + + + + Turn on debug mode in Cluebringer + + + + +

Turn on debug mode in Cluebringer

+

To turn on debug mode in Cluebringer, please increase its log level in +Cluebringer config file, set what it should log, and restart Cluebringer +service.

+ +
log_level=4
+log_detail=modules,tracking,policies
+
+
+ +

Cluebringer is configured to log to /var/log/cbpolicyd.log by default, so +please monitor this file to check detailed debug log.


If you found something wrong in this document, please do contact us to fix it.

\ No newline at end of file diff --git a/html/turn.on.debug.mode.in.dovecot.html b/html/turn.on.debug.mode.in.dovecot.html new file mode 100644 index 00000000..d2accbba --- /dev/null +++ b/html/turn.on.debug.mode.in.dovecot.html @@ -0,0 +1,34 @@ + + + + Turn on debug mode in Dovecot + + + + +

Turn on debug mode in Dovecot

+

To turn on debug mode in Dovecot, please update Dovecot config file +/etc/dovecot/dovecot.conf (Linux/OpenBSD) or +/usr/local/etc/dovecot/dovecot.conf (FreeBSD), set mail_debug to yes:

+
mail_debug = yes
+
+ +

Restart Dovecot service.

+

Dovecot is configured to log into 3 log files:

+ +

If you need authentication and password related debug message, turn on related +settings and restart dovecot service.

+
auth_verbose = yes
+auth_debug = yes
+auth_debug_passwords = yes
+auth_verbose_passwords = yes
+

If you found something wrong in this document, please do contact us to fix it.
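Review bot: The last block enables `auth_debug_passwords = yes` and `auth_verbose_passwords = yes`, which write the passwords users submit into the Dovecot log files, and the page gives no instruction to turn them off again. Add a sentence telling the reader to revert these two settings and restart Dovecot once debugging is done, and to treat the logs written in the meantime as sensitive.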

\ No newline at end of file diff --git a/html/turn.on.debug.mode.in.openldap.html b/html/turn.on.debug.mode.in.openldap.html new file mode 100644 index 00000000..fd53ea03 --- /dev/null +++ b/html/turn.on.debug.mode.in.openldap.html @@ -0,0 +1,23 @@ + + + + Turn on debug mode in OpenLDAP + + + + +

Turn on debug mode in OpenLDAP

+

In OpenLDAP config file slapd.conf, update parameter loglevel to value 256, then restart OpenLDAP service.

+ +
loglevel    256
+
+ +

OpenLDAP is configured by iRedMail to log into /var/log/openldap.log by default.


If you found something wrong in this document, please do contact us to fix it.

\ No newline at end of file diff --git a/html/unattended.iredmail.installation.html b/html/unattended.iredmail.installation.html new file mode 100644 index 00000000..54e70751 --- /dev/null +++ b/html/unattended.iredmail.installation.html @@ -0,0 +1,161 @@ + + + + Perform silent/unattended iRedMail installation + + + + +

Perform silent/unattended iRedMail installation

+

iRedMail will store configrations in file iRedMail-x.y.z/config during +installation, and ask you whether to use it for installation directly +or create a new one.

+

You can create a sample config file by executing iRedMail installer:

+
# bash iRedMail.sh
+
+ +

After config wizard dialogs, you will find file config under iRedMail root +directory. For example, /root/iRedMail-0.8.7/config. it will ask whether to +start installation or not, you can cancel it if you want.

+

You can copy this config file to deploy as many servers as you want, change +the hard-coded passwords in it if you want.

+

How to deploy a new server with sample config file:

+ +
# AUTO_USE_EXISTING_CONFIG_FILE=y \
+    AUTO_INSTALL_WITHOUT_CONFIRM=y \
+    AUTO_CLEANUP_REMOVE_SENDMAIL=y \
+    AUTO_CLEANUP_REMOVE_MOD_PYTHON=y \
+    AUTO_CLEANUP_REPLACE_FIREWALL_RULES=y \
+    AUTO_CLEANUP_RESTART_IPTABLES=y \
+    AUTO_CLEANUP_REPLACE_MYSQL_CONFIG=y \
+    AUTO_CLEANUP_RESTART_POSTFIX=n \
+    bash iRedMail.sh
+
+ +

Sample Deployment

+

Here's how i preform iRedMail tests every day with VMware Fusion on Mac OS X, +all are completed automatically with a shell command.

+ +
ssh root@[SERVER] "cd /root/iRedMail/ && IREDMAIL_DEBUG='NO' AUTO_USE_EXISTING_CONFIG_FILE=y AUTO_INSTALL_WITHOUT_CONFIRM=y AUTO_CLEANUP_REMOVE_SENDMAIL=y AUTO_CLEANUP_REMOVE_MOD_PYTHON=y AUTO_CLEANUP_REPLACE_FIREWALL_RULES=y AUTO_CLEANUP_RESTART_IPTABLES=y AUTO_CLEANUP_REPLACE_MYSQL_CONFIG=y AUTO_CLEANUP_RESTART_POSTFIX=n bash iRedMail.sh"
+
+ + +

It should complete in 2-3 minutes (uploading binary packages takes most time), +then i got a working iRedMail server. I do this many times every day.

+

I have 5 prepared iRedMail config files for different backends: OpenLDAP, +MySQL, MariaDB, PostgreSQL, ldapd (OpenBSD only). i run my script with an +option to install iRedMail with specified backend like below, the script will +upload proper config file to server:

+
# bash auto.centos7.sh ldap
+# bash auto.centos7.sh mysql
+# bash auto.centos7.sh pgsql
+# bash auto.ubuntu14.sh mariadb
+# bash auto.openbsd55.sh ldapd
+
+ +

Below is file of auto.centos7.sh mentioned above, it prepares VMware virtual +machine, then execute another script c7.sh to perform the real installation.

+
#!/usr/bin/env bash
+# File: auto.centos7.sh
+
+[ X"$#" != X'1' ] && echo 'No backend? ldap, mysql, pgsql' && exit 255
+export backend="${1}"
+
+export VMRUN='vmrun -T fusion'
+export VM_USER_ROOT='root'
+export VM_HOSTNAME='c7'
+
+export VM="/Users/zhb/vm.packages/vm/CentOS-7-x86_64.vmwarevm/CentOS-7-x86_64.vmx"
+
+echo "* Revert to the latest snapshot."
+${VMRUN} revertToSnapshot ${VM} Latest
+
+echo "* Start VM."
+${VMRUN} start ${VM}
+
+echo "* Sleep 30 seconds to wait VM start up."
+sleep 30
+
+echo "* Detect network status with ssh."
+while :; do
+    ssh ${VM_USER_ROOT}@${VM_HOSTNAME} "exit"
+    if [ X"$?" == X'0' ]; then
+        break
+    else
+        sleep 5
+    fi
+done
+
+echo "* Start testing iRedMail."
+sh ${VM_HOSTNAME}.sh ${backend}
+
+ +
#!/usr/bin/env bash
+# File: c7.sh
+[ X"$#" != X'1' ] && echo 'No backend?' && exit 255
+backend="${1}"
+# hostname of your VMware virtual machine set in Mac OS X /etc/hosts.
+HOST="c7"
+
+echo 'copying iRedMail ...'
+scp -r ~/projects/iredmail/iRedMail root@${HOST}:~ >/dev/null
+
+echo 'copying pkgs/misc ...'
+scp -r misc root@${HOST}:~/iRedMail/pkgs/ >/dev/null
+scp -r config.${backend} root@${HOST}:~/iRedMail/config >/dev/null
+
+echo 'copying archives ...'
+scp -r rhel/7/yum root@${HOST}:/var/cache/ >/dev/null
+
+echo 'updating .status ...'
+ssh root@${HOST} "echo export status_check_new_iredmail='DONE' > /root/iRedMail/.status"
+ssh root@${HOST} "echo export status_fetch_pkgs='DONE' >> /root/iRedMail/.status"
+ssh root@${HOST} "echo export status_fetch_misc='DONE' >> /root/iRedMail/.status"
+ssh root@${HOST} "echo export status_cleanup_update_clamav_signatures='DONE' >> /root/iRedMail/.status"
+ssh root@${HOST} "cd /root/iRedMail/ && yum clean metadata && AUTO_USE_EXISTING_CONFIG_FILE=y AUTO_INSTALL_WITHOUT_CONFIRM=y AUTO_CLEANUP_REMOVE_SENDMAIL=y AUTO_CLEANUP_REMOVE_MOD_PYTHON=y AUTO_CLEANUP_REPLACE_FIREWALL_RULES=y AUTO_CLEANUP_RESTART_IPTABLES=y AUTO_CLEANUP_REPLACE_MYSQL_CONFIG=y AUTO_CLEANUP_RESTART_POSTFIX=n bash iRedMail.sh"
+ssh root@${HOST} "/usr/bin/systemctl stop firewalld"
+
+#ssh root@${HOST} "mkdir /root/pro && cp /var/www/iredadmin/settings.py /root/pro/"
+#scp -r clamav/* root@${HOST}:/var/lib/clamav/
+#ssh root@${HOST} "chown clamupdate:clamupdate /var/lib/clamav/*"
+ssh root@${HOST} "echo 'reboot'; reboot"
+

If you found something wrong in this document, please do contact us to fix it.
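Review bot: "change the hard-coded passwords in it if you want" understates the issue: copying one `config` file to many servers gives every server the same passwords, so the text should tell the reader to change them for each deployment. In c7.sh, `systemctl stop firewalld` runs right after the installer was invoked with `AUTO_CLEANUP_REPLACE_FIREWALL_RULES=y`, with no comment on why the firewall is stopped; add one, or mark the script as test-lab only so it is not reused as-is on a production host.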

\ No newline at end of file diff --git a/html/why.append.timestamp.in.maildir.path.html b/html/why.append.timestamp.in.maildir.path.html new file mode 100644 index 00000000..6d6821e1 --- /dev/null +++ b/html/why.append.timestamp.in.maildir.path.html @@ -0,0 +1,42 @@ + + + + Why append timestamp in maildir path + + + + +

Why append timestamp in maildir path

+

iRedMail will append timestamp in maildir path by default, here's why.

+

Depends on the tools/scripts you used to create mail accounts, it's tunable +in scripts shipped within iRedMail and iRedAdmin (file settings.py, variable +MAILDIR_APPEND_TIMESTAMP = True or False).

+

Deleting mail accounts with iRedAdmin will not remove the mailboxes on file +system, so that you can keep user's mailbox for some time.

+

Think about this situation:

+ +

iRedAdmin doesn't remove the mailboxes on file system, so Mike will see all +emails in Michael's mailbox if Michael didn't delete them. To avoid this, we +append a timestamp in maildir path to make sure all users will be assigned +a unique maildir paths.


If you found something wrong in this document, please do contact us to fix it.

\ No newline at end of file