Move articles.

This commit is contained in:
Zhang Huangbin 2014-09-17 21:36:40 +08:00
parent e27078a9ad
commit c520ea0aeb
10 changed files with 336 additions and 4 deletions

View File

@ -0,0 +1,133 @@
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>How to migrate old iRedMail server to the latest stable release</title>
<link href="../css/markdown.css" rel="stylesheet"></head>
<h1 id="how-to-migrate-old-iredmail-server-to-the-latest-stable-release">How to migrate old iRedMail server to the latest stable release</h1>
<div class="toc">
<li><a href="#how-to-migrate-old-iredmail-server-to-the-latest-stable-release">How to migrate old iRedMail server to the latest stable release</a><ul>
<li><a href="#client-settings-outlook-thunderbird">Client settings (Outlook, Thunderbird)</a></li>
<li><a href="#ldap-migrate-mail-accounts">LDAP: migrate mail accounts</a></li>
<li><a href="#mysqlpostgresql-migrate-mail-accounts">MySQL/PostgreSQL: Migrate mail accounts</a></li>
<li><a href="#migrate-mailboxes-maildir-format">Migrate mailboxes (Maildir format)</a></li>
<li><a href="#migrate-roundcube-webmail-data">Migrate Roundcube webmail data</a></li>
<p><code>WARNING</code>: Please try it on a test server first. if it works well, then try it on product server.</p>
<p>Since new iRedMail server will install same components as old server, you can choose what data you want to migrate. Most important data are:</p>
<li>email accounts stored in SQL/LDAP.</li>
<li>user mailboxes. Stored under /var/vmail by default.</li>
<li>SQL database of Roundcube webmail. It stores per-user webmail preferences, and address book.</li>
<li>Policyd/Cluebringer database. It stores white/blacklists records, greylisting records, etc.</li>
<li>Amavisd database.<ul>
<li>It stores per-recipient white/blacklists in SQL tables: <code>mailaddr</code>, <code>policy</code>, <code>users</code>, <code>wblist</code>.</li>
<li>Basic info of in/out emails are stored in SQL tables: <code>maddr</code>, <code>msgs</code>, <code>msgrcpt</code>. Quarantined emails are stored in <code>quarantine</code>, it requires other 3 tables. If you don't have any quarantined emails, it's safe to delete all records in these 4 tables.</li>
<p><strong>WARNING</strong>: Do not restore database <code>mysql</code> exported from old server, it contains SQL usernames/passwords for Roundcube/Amavisd/Policyd/Cluebringer used on old server. New iRedMail server has the same SQL usernames, but different passwords. So please do not restore it.</p>
<h2 id="client-settings-outlook-thunderbird">Client settings (Outlook, Thunderbird)</h2>
<p>Since iRedMail-0.8.7, iRedMail enforces secure POP3/IMAP/SMTP connections.
Mail client programs must issue 'STARTTLS' command before authentication,
so please update your mail client programs you must change your mail client
programs (e.g. Outlook, Thunderbird) to use TLS connection.</p>
<li>For SMTP service, use port <code>587</code> with <code>STARTTLS</code> (or <code>TLS</code>).</li>
<li>For IMAP service, use port <code>143</code> with <code>STARTTLS</code> (or <code>TLS</code>).</li>
<li>For POP3 service, use port <code>110</code> with <code>STARTTLS</code> (or <code>TLS</code>).</li>
<p>Addition notes:</p>
<p>If you want to enable smtp authentication on port <code>25</code> (again, not
recommended), please comment out Postfix parameter <code>smtpd_tls_auth_only = yes</code>
in its config file <code>/etc/postfix/</code>.</p>
<p>if you want to enable SMTPS (SMTP over SSL, port <code>465</code>) to support legency
mail clients, please follow this tutorial: (How to enable SMTPS service)[./faq-howto/howto.enable.smtps.service].</p>
<h2 id="ldap-migrate-mail-accounts">LDAP: migrate mail accounts</h2>
<p>Steps to migrate LDAP mail accounts:</p>
<li>Setup a new server with the latest iRedMail, and make iRedAdmin-Pro-LDAP work as expected.</li>
<li>Export mail accounts from LDAP on OLD mail server.</li>
<p>Normally, LDAP data can be exported into LDIF format. Here's backup/export script: <a href=""></a></p>
<em> There might be some changes in LDAP schema, please find scripts in below URL to apply all required changes: <a href=""></a>
</em> You can find all upgrade tutorials of iRedMail here: <a href=""></a></p>
<h2 id="mysqlpostgresql-migrate-mail-accounts">MySQL/PostgreSQL: Migrate mail accounts</h2>
<p>All mail accounts are stored in database <code>vmail</code> by default, to migrate mail
accounts, you can simply export this database on old server, then import it
on new server.</p>
<p><strong>IMPORTANT NOTE</strong>: iRedMail-0.8.7 drops several SQL columns, so before you
import backup SQL database, please add them first. It's safe to drop them
after you imported old database on new server.</p>
<pre><code class="mysql">mysql&gt; USE vmail;
mysql&gt; ALTER TABLE mailbox ADD COLUMN messages BIGINT(20) NOT NULL DEFAULT 0;
mysql&gt; ALTER TABLE domain ADD COLUMN defaultlanguage VARCHAR(5) NOT NULL DEFAULT 'en_US';
mysql&gt; ALTER TABLE domain ADD COLUMN defaultuserquota BIGINT(20) NOT NULL DEFAULT '1024';
mysql&gt; ALTER TABLE domain ADD COLUMN defaultuseraliases TEXT;
mysql&gt; ALTER TABLE domain ADD COLUMN disableddomainprofiles VARCHAR(255) NOT NULL DEFAULT '';
mysql&gt; ALTER TABLE domain ADD COLUMN disableduserprofiles VARCHAR(255) NOT NULL DEFAULT '';
mysql&gt; ALTER TABLE domain ADD COLUMN defaultpasswordscheme VARCHAR(10) NOT NULL DEFAULT '';
mysql&gt; ALTER TABLE domain ADD COLUMN minpasswordlength INT(10) NOT NULL DEFAULT 0;
mysql&gt; ALTER TABLE domain ADD COLUMN maxpasswordlength INT(10) NOT NULL DEFAULT 0;
<p>After imported backup SQL databases, please execute below commands to mark
mail alias accounts and drop above newly created columns:</p>
<pre><code class="mysql">mysql&gt; USE vmail;
mysql&gt; UPDATE alias SET islist=1 WHERE address NOT IN (SELECT username FROM mailbox);
mysql&gt; UPDATE alias SET islist=0 WHERE address=domain; -- domain catch-all account
-- Store values into new column: domain.settings and drop them
mysql&gt; UPDATE domain SET settings='';
mysql&gt; UPDATE domain SET settings=CONCAT(settings, IF(defaultlanguage IS NULL OR defaultlanguage='', '', CONCAT('default_language:', defaultlanguage, ';')));
mysql&gt; UPDATE domain SET settings=CONCAT(settings, IF(defaultuserquota IS NULL OR defaultuserquota=0, '', CONCAT('default_user_quota:', defaultuserquota, ';')));
mysql&gt; UPDATE domain SET settings=CONCAT(settings, IF(defaultuseraliases IS NULL OR defaultuseraliases='', '', CONCAT('default_groups:', defaultuseraliases, ';')));
mysql&gt; UPDATE domain SET settings=CONCAT(settings, IF(minpasswordlength IS NULL OR minpasswordlength=0, '', CONCAT('min_passwd_length:', minpasswordlength, ';')));
mysql&gt; UPDATE domain SET settings=CONCAT(settings, IF(maxpasswordlength IS NULL OR maxpasswordlength=0, '', CONCAT('max_passwd_length:', maxpasswordlength, ';')));
mysql&gt; UPDATE domain SET settings=CONCAT(settings, IF(disableddomainprofiles IS NULL OR disableddomainprofiles='', '', CONCAT('disabled_domain_profiles:', disableddomainprofiles, ';')));
mysql&gt; UPDATE domain SET settings=CONCAT(settings, IF(disableduserprofiles IS NULL OR disableduserprofiles='', '', CONCAT('disabled_user_profiles:', disableduserprofiles, ';')));
mysql&gt; ALTER TABLE domain DROP defaultlanguage;
mysql&gt; ALTER TABLE domain DROP defaultuserquota;
mysql&gt; ALTER TABLE domain DROP defaultuseraliases;
mysql&gt; ALTER TABLE domain DROP minpasswordlength;
mysql&gt; ALTER TABLE domain DROP maxpasswordlength;
mysql&gt; ALTER TABLE domain DROP disableddomainprofiles;
mysql&gt; ALTER TABLE domain DROP disableduserprofiles;
<p><strong>IMPORTANT NOTE</strong>: There might be some changes in SQL structure, please read
all upgrade tutorials for your current iRedMail release, then apply SQL
structure related changes. For example:
<a href=""></a></p>
<h2 id="migrate-mailboxes-maildir-format">Migrate mailboxes (Maildir format)</h2>
<li>Simply copy all mailboxes (in Maildir format) to new iRedMail server.</li>
<li>Set correct file owner of mailboxes. Default owner is <code>vmail</code>, group is <code>vmail</code>.</li>
<li>Set correct file permission of mailboxes. Default is <code>0700</code>.</li>
<p>WARNING: please make sure maildir path stored in SQL/LDAP matches the mailbox
path on file system, so that mail clients can find imported emails.</p>
<h2 id="migrate-roundcube-webmail-data">Migrate Roundcube webmail data</h2>
<li>Export/import roundcube webmail database, and upgrade database to work with new version of Roundcube.
<a href=""></a></li>

View File

@ -0,0 +1,69 @@
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title> How to use or migrate password hashes</title>
<link href="../css/markdown.css" rel="stylesheet"></head>
<h1 id="how-to-use-or-migrate-password-hashes">How to use or migrate password hashes</h1>
<h2 id="password-hashes-supported-by-iredmail">Password hashes supported by iRedMail</h2>
<p>iRedMail configures Postfix to use Dovecot as SASL authenticate server, so all
password schemes supported by Dovecot can be used in iRedMail. Please refer to
Dovecot wiki page
<a href=""><code>Password Schemes</code></a> for more details.</p>
<p>Below password schemes are supported in iRedAdmin-Pro (which means you can add new mail user with either one):</p>
<li>Plain text. e.g. <code>123456</code></li>
<li>MD5. (salted. e.g. <code>$1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250</code></li>
<li>PLAIN-MD5 (unsalted MD5). e.g. <code>0d2bf3c712402f428d48fed691850bfc</code></li>
<li>SSHA. e.g. <code>{SSHA}OuCrqL2yWwQIu8a9uvyOQ5V/ZKfL7LJD</code></li>
<li>SSHA512. e.g. <code>{SSHA512}FxgXDhBVYmTqoboW+ibyyzPv/wGG7y4VJtuHWrx+wfqrs/lIH2Qxn2eA0jygXtBhMvRi7GNFmL++6aAZ0kXpcy1fxag=</code></li>
<p><strong>NOTE</strong>: Dovecot claims it supports SSHA512, but I didn't get it work.
Please test it first if you choose SSHA512.</p>
<h2 id="default-password-schemes-used-in-iredmail">Default password schemes used in iRedMail</h2>
<li>For MySQL and PostgreSQL backends: <code>MD5</code> (salted).</li>
<li>For LDAP backend: <code>SSHA</code>.</li>
<h2 id="how-to-use-different-password-hashes-in-iredmail">How to use different password hashes in iRedMail</h2>
<h3 id="for-mysql-and-postgresql-backends">For MySQL and PostgreSQL backends</h3>
<p>All mail users are stored in SQL table <code>vmail.mailbox</code>, user password is stored
in SQL column <code>mailbox.password</code>. For example:</p>
sql> UPDATE mailbox SET password='$1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250' WHERE username='xx@xx';
sql> UPDATE mailbox SET password='{SSHA}OuCrqL2yWwQIu8a9uvyOQ5V/ZKfL7LJD' WHERE username='xx@xx';
sql> UPDATE mailbox SET password='{SSHA512}FxgXDhBVYmTqoboW+ibyyzPv/wGG7y4VJtuHWrx+wfqrs/lIH2Qxn2eA0jygXtBhMvRi7GNFmL++6aAZ0kXpcy1fxag=' WHERE username='xx@xx';
<li>To store PLAIN-MD5, you have to prepend <code>{PLAIN-MD5}</code> in your password hash:</li>
sql> UPDATE mailbox SET password='{PLAIN-MD5}0d2bf3c712402f428d48fed691850bfc' WHERE username='xx@xx';
<li>To store plain password, you have to prepend <code>{PLAIN}</code>:
<pre>sql&gt; UPDATE mailbox SET password='{PLAIN}123456' WHERE username='xx@xx';</pre></li>
<h3 id="for-ldap-backends">For LDAP backends</h3>
<p>User password is stored in attribute <code>userPassword</code> of user object.</p>
<p>To store plain password, SSHA, SSHA512 password hash, just store them in
original format. For example:
userPassword: 123456
userPassword: {SSHA}OuCrqL2yWwQIu8a9uvyOQ5V/ZKfL7LJD
userPassword: {SSHA512}FxgXDhBVYmTqoboW+ibyyzPv/wGG7y4VJtuHWrx+wfqrs/lIH2Qxn2eA0jygXtBhMvRi7GNFmL++6aAZ0kXpcy1fxag=</pre></p>
<p>To store standard MD5 password (salted MD5 hash), please prepend <code>{CRYPT}</code>
(case insensitive) in your password hash. For example:
<pre>userPassword: {CRYPT}$1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250</pre></p>
<p><strong>IMPORTANT NOTE</strong>: If you want to input password hash with phpLDAPadmin,
please choose <code>clear</code> in the password hash list, then input password hash.</p></body></html>

View File

@ -0,0 +1,38 @@
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title> Why append timestamp in maildir path</title>
<link href="../css/markdown.css" rel="stylesheet"></head>
<h1 id="why-append-timestamp-in-maildir-path">Why append timestamp in maildir path</h1>
<p>iRedMail will append timestamp in maildir path by default, here's why.</p>
<p>Depends on the tools/scripts you used to create mail accounts, it's tunable
in scripts shipped within iRedMail and iRedAdmin (file <code></code>, variable
<code>MAILDIR_APPEND_TIMESTAMP = True</code> or `False').</p>
<p>Deleting mail accounts with iRedAdmin will not remove the mailboxes on file
system, so that you can keep user's mailbox for some time.</p>
<p>Think about this situation:</p>
<p>Employee Michael Jordan has email address Without timestamp
in maildir path, the maildir path of his mailbox looks like
<p>Michael left company, and your company deleted his mail account. With
iRedAdmin, it just deletes mail accounts stored in LDAP/SQL server, not delete
his mailbox on file system (<code>var/vmail/vmail1/</code>).</p>
<p>A new talent joined in, his name is Mike Jackson, and he want to use
<code></code> since <code>mj@</code> is not used by others. And you created it for him.
Without timestamp in maildir path, the maildir path of Mike's mailbox is the
same as Michael's <code>/var/vmail/vmail1/</code>.</p>
<p>iRedAdmin doesn't remove the mailboxes on file system, so Mike will see all
emails in Michael's mailbox if Michael didn't delete them. To avoid this, we
append a timestamp in maildir path to make sure all users will be assigned
a unique maildir paths.</p></body></html>

View File

@ -0,0 +1,69 @@
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title> How to use or migrate password hashes</title>
<link href="../css/markdown.css" rel="stylesheet"></head>
<h1 id="how-to-use-or-migrate-password-hashes">How to use or migrate password hashes</h1>
<h2 id="password-hashes-supported-by-iredmail">Password hashes supported by iRedMail</h2>
<p>iRedMail configures Postfix to use Dovecot as SASL authenticate server, so all
password schemes supported by Dovecot can be used in iRedMail. Please refer to
Dovecot wiki page
<a href=""><code>Password Schemes</code></a> for more details.</p>
<p>Below password schemes are supported in iRedAdmin-Pro (which means you can add new mail user with either one):</p>
<li>Plain text. e.g. <code>123456</code></li>
<li>MD5. (salted. e.g. <code>$1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250</code></li>
<li>PLAIN-MD5 (unsalted MD5). e.g. <code>0d2bf3c712402f428d48fed691850bfc</code></li>
<li>SSHA. e.g. <code>{SSHA}OuCrqL2yWwQIu8a9uvyOQ5V/ZKfL7LJD</code></li>
<li>SSHA512. e.g. <code>{SSHA512}FxgXDhBVYmTqoboW+ibyyzPv/wGG7y4VJtuHWrx+wfqrs/lIH2Qxn2eA0jygXtBhMvRi7GNFmL++6aAZ0kXpcy1fxag=</code></li>
<p><strong>NOTE</strong>: Dovecot claims it supports SSHA512, but I didn't get it work.
Please test it first if you choose SSHA512.</p>
<h2 id="default-password-schemes-used-in-iredmail">Default password schemes used in iRedMail</h2>
<li>For MySQL and PostgreSQL backends: <code>MD5</code> (salted).</li>
<li>For LDAP backend: <code>SSHA</code>.</li>
<h2 id="how-to-use-different-password-hashes-in-iredmail">How to use different password hashes in iRedMail</h2>
<h3 id="for-mysql-and-postgresql-backends">For MySQL and PostgreSQL backends</h3>
<p>All mail users are stored in SQL table <code>vmail.mailbox</code>, user password is stored
in SQL column <code>mailbox.password</code>. For example:</p>
sql> UPDATE mailbox SET password='$1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250' WHERE username='xx@xx';
sql> UPDATE mailbox SET password='{SSHA}OuCrqL2yWwQIu8a9uvyOQ5V/ZKfL7LJD' WHERE username='xx@xx';
sql> UPDATE mailbox SET password='{SSHA512}FxgXDhBVYmTqoboW+ibyyzPv/wGG7y4VJtuHWrx+wfqrs/lIH2Qxn2eA0jygXtBhMvRi7GNFmL++6aAZ0kXpcy1fxag=' WHERE username='xx@xx';
<li>To store PLAIN-MD5, you have to prepend <code>{PLAIN-MD5}</code> in your password hash:</li>
sql> UPDATE mailbox SET password='{PLAIN-MD5}0d2bf3c712402f428d48fed691850bfc' WHERE username='xx@xx';
<li>To store plain password, you have to prepend <code>{PLAIN}</code>:
<pre>sql&gt; UPDATE mailbox SET password='{PLAIN}123456' WHERE username='xx@xx';</pre></li>
<h3 id="for-ldap-backends">For LDAP backends</h3>
<p>User password is stored in attribute <code>userPassword</code> of user object.</p>
<p>To store plain password, SSHA, SSHA512 password hash, just store them in
original format. For example:
userPassword: 123456
userPassword: {SSHA}OuCrqL2yWwQIu8a9uvyOQ5V/ZKfL7LJD
userPassword: {SSHA512}FxgXDhBVYmTqoboW+ibyyzPv/wGG7y4VJtuHWrx+wfqrs/lIH2Qxn2eA0jygXtBhMvRi7GNFmL++6aAZ0kXpcy1fxag=</pre></p>
<p>To store standard MD5 password (salted MD5 hash), please prepend <code>{CRYPT}</code>
(case insensitive) in your password hash. For example:
<pre>userPassword: {CRYPT}$1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250</pre></p>
<p><strong>IMPORTANT NOTE</strong>: If you want to input password hash with phpLDAPadmin,
please choose <code>clear</code> in the password hash list, then input password hash.</p></body></html>

View File

@ -8,8 +8,7 @@
<body> <body>
<h1 id="frequently-asked-questions">Frequently Asked Questions</h1> <h1 id="frequently-asked-questions">Frequently Asked Questions</h1>
<ul> <ul>
<li><a href="faq-howto/use.or.migrate.password.hashes.html"> How to use or migrate password hashes</a></li> <li><a href="faq/"> Why append timestamp in maildir path</a></li>
<li><a href="faq-howto/"> Why append timestamp in maildir path</a></li>
</ul> </ul>
<h1 id="how-to">How to</h1> <h1 id="how-to">How to</h1>
<ul> <ul>
@ -25,6 +24,7 @@
</a></li> </a></li>
<li><a href="howto/"> How to store spamassassin bayes in SQL</a></li> <li><a href="howto/"> How to store spamassassin bayes in SQL</a></li>
<li><a href="howto/unattended.iredmail.installation.html"> How to perform silent/unattended iRedMail installation</a></li> <li><a href="howto/unattended.iredmail.installation.html"> How to perform silent/unattended iRedMail installation</a></li>
<li><a href="howto/use.or.migrate.password.hashes.html"> How to use or migrate password hashes</a></li>
</ul> </ul>
<h1 id="backup-and-restore">Backup and Restore</h1> <h1 id="backup-and-restore">Backup and Restore</h1>
<ul> <ul>

View File

@ -1,7 +1,6 @@
# Frequently Asked Questions # Frequently Asked Questions
* [ How to use or migrate password hashes](faq-howto/use.or.migrate.password.hashes.html) * [ Why append timestamp in maildir path](faq/
* [ Why append timestamp in maildir path](faq-howto/
# How to # How to
* [ How to allow user to send email without authentication ](howto/ * [ How to allow user to send email without authentication ](howto/
* [ Amavisd + SpamAssassin not working, no mail header (X-Spam-*) inserted.](howto/ * [ Amavisd + SpamAssassin not working, no mail header (X-Spam-*) inserted.](howto/
@ -13,6 +12,7 @@
* [ How to force Dovecot to recalculate mailbox quota ](howto/recalculate.mailbox.quota.html) * [ How to force Dovecot to recalculate mailbox quota ](howto/recalculate.mailbox.quota.html)
* [ How to store spamassassin bayes in SQL](howto/ * [ How to store spamassassin bayes in SQL](howto/
* [ How to perform silent/unattended iRedMail installation](howto/unattended.iredmail.installation.html) * [ How to perform silent/unattended iRedMail installation](howto/unattended.iredmail.installation.html)
* [ How to use or migrate password hashes](howto/use.or.migrate.password.hashes.html)
# Backup and Restore # Backup and Restore
* [How to migrate old iRedMail server to the latest stable release](backup-restore/ * [How to migrate old iRedMail server to the latest stable release](backup-restore/
# Troubleshooting and Debug # Troubleshooting and Debug

View File

@ -0,0 +1,23 @@
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title> How to turn on debug mode in Dovecot</title>
<link href="../css/markdown.css" rel="stylesheet"></head>
<h1 id="how-to-turn-on-debug-mode-in-dovecot">How to turn on debug mode in Dovecot</h1>
<p>To turn on debug mode in Dovecot, please update Dovecot config file
<code>/etc/dovecot/dovecot.conf</code> (Linux/OpenBSD) or
<code>/usr/local/etc/dovecot/dovecot.conf</code> (FreeBSD), set <code>mail_debug</code> to <code>yes</code>:</p>
<pre><code>mail_debug = yes
<p>Restart Dovecot service.</p>
<p>If you need authentication and password related debug message, turn on related
settings and restart dovecot service.</p>
<pre><code>auth_verbose = yes
auth_debug = yes
auth_debug_passwords = yes
auth_verbose_passwords = yes