Backup and restore


Backup mail accounts

Mail accounts are stored in an SQL or LDAP database. iRedMail provides shell scripts to back up the SQL/LDAP databases; you can find them in the downloaded iRedMail release or in the iRedMail source code repository:

iRedMail sets up a daily cron job to run the backup script(s) during installation, so all you need to do is check that they are defined as cron jobs with the command below:

# crontab -l -u root

Sample output on an iRedMail server with OpenLDAP backend:

# iRedMail: Backup OpenLDAP data every day on 03:01 AM
1   3   *   *   *   /bin/bash /var/vmail/backup/

# iRedMail: Backup MySQL databases every day on 03:10 AM
10   3   *   *   *   /bin/bash /var/vmail/backup/


Backup additional data manually


How to restore SQL databases

You can simply restore the plain SQL files created by the backup scripts above.

If you're restoring on a NEW iRedMail server, do NOT restore the database named mysql exported from the old server. It contains the SQL usernames and passwords used by many components (e.g. Postfix, Dovecot, Roundcube webmail) on the old server. The new iRedMail server already has the same SQL accounts with different passwords, so restoring the mysql database will break almost all services due to incorrect SQL credentials.


How to restore OpenLDAP backup

The backup script runs the command slapcat to dump the whole LDAP tree as a backup, so it must be restored with the command slapadd.

The example below shows how to restore an LDAP backup on RHEL/CentOS 6.x. Files and directories may be different on other Linux/BSD distributions; you can find the correct ones in this tutorial: Locations of configuration and log files of major components.

# cd /var/vmail/backup/ldap/2015/05/
# bunzip2 2015-05-10-03:01:01.ldif.bz2
# ls -l 2015-05-10-03:01:01.ldif
-rw-r--r-- 1 root root 7352 May 10 03:01 2015-05-10-03:01:01.ldif

Below is sample copy in file

    * LDAP bind dn (read-only): cn=vmail,dc=example,dc=com, password: py2BQwM0zoRM5nciK68AlP8dyu2Mq6
    * LDAP admin dn (used for iRedAdmin): cn=vmailadmin,dc=example,dc=com, password: 9wr0mHeVYz2uaxSAGBLucVkOgYPSBB

# slappasswd -h '{ssha}' -s 'py2BQwM0zoRM5nciK68AlP8dyu2Mq6'    # <- cn=vmail's password

# slappasswd -h '{ssha}' -s '9wr0mHeVYz2uaxSAGBLucVkOgYPSBB'    # <- cn=vmailadmin's password

Below is a sample copy in 2015-05-10-03:01:01.ldif:

dn: cn=vmail,dc=iredmail,dc=org
userPassword:: e1NTSEF7F8AwbjVqeER1R1dXVmREN1RJU8NtdnFHN0hnekdWYzVHSG9iWEE9PQ=  # <- remove this line
 =                                                                              # <- remove this line

dn: cn=vmailadmin,dc=iredmail,dc=org
userPassword:: e1NTSEF9alZi8E12dS9FNllaMktteFh7YkZham1mM3Jqc21cdEFsZjJIeEE9PQ=  # <- remove this line
 =                                                                              # <- remove this line

Replace these two userPassword entries with the newly generated SSHA password hashes, then save your change and exit your text editor.

dn: cn=vmail,dc=iredmail,dc=org
userPassword: {SSHA}eJEO2yGVryVw+mZ/Qd2HMSyrl6u9WDhd

dn: cn=vmailadmin,dc=iredmail,dc=org
userPassword: {SSHA}lWt6zjOOUq+2WUmiAea2FXLB4oHMYvIb

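Important note: There's only ONE colon after the userPassword string (userPassword:). In LDIF, a double colon (userPassword::) marks the value as base64-encoded, so a plain {SSHA} value must follow a single colon.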
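How the {SSHA} value and the single-colon rule fit together, as an added Python example (not part of iRedMail or this tutorial; the function names, sample DNs and base64 strings are constructed for illustration). It builds a salted SHA-1 value in the same layout as the samples above and swaps it into an LDIF entry, joining the folded continuation line first.

```python
import base64, hashlib, hmac, os

def ssha_hash(password, salt=None):
    """{SSHA} value: base64(SHA1(password + salt) + salt), 4-byte random salt."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def ssha_verify(password, value):
    """Check a password against an {SSHA} value (SHA-1 digest is 20 bytes, rest is salt)."""
    raw = base64.b64decode(value[len("{SSHA}"):])
    expected = hashlib.sha1(password.encode("utf-8") + raw[20:]).digest()
    return hmac.compare_digest(expected, raw[:20])

def unfold(ldif):
    """Join LDIF continuation lines: a line starting with one space continues the previous one."""
    lines = []
    for line in ldif.splitlines():
        if line.startswith(" ") and lines:
            lines[-1] += line[1:]
        else:
            lines.append(line)
    return lines

def replace_user_password(ldif, new_hashes):
    """Rewrite userPassword for the DNs in new_hashes as a plain (single-colon) value."""
    out, dn = [], None
    for line in unfold(ldif):
        if line.lower().startswith("dn:"):
            dn = line.split(":", 1)[1].strip()
        elif not line:
            dn = None  # a blank line ends the entry
        if dn in new_hashes and line.lower().startswith("userpassword:"):
            line = "userPassword: " + new_hashes[dn]
        out.append(line)
    return "\n".join(out) + "\n"

# Constructed sample: the base64 strings are placeholders, not real hashes.
SAMPLE_LDIF = """dn: cn=vmail,dc=example,dc=com
cn: vmail
userPassword:: e1NTSEF9cGxhY2Vob2xkZXJwbGFjZWhvbGRlcnBsYWNlaG9sZGVy
 cGxhY2Vob2xkZXI=

dn: mail=user@example.com,ou=Users,dc=example,dc=com
userPassword:: e1NTSEF9dW50b3VjaGVkdW50b3VjaGVk
"""

if __name__ == "__main__":
    new_hash = ssha_hash("constructed-new-password")
    print(replace_user_password(SAMPLE_LDIF, {"cn=vmail,dc=example,dc=com": new_hash}))
```

Running ssha_verify against the password recorded for the new server confirms the replacement value before slapadd loads the file.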

# /etc/init.d/slapd stop


File DB_CONFIG is present if you use the bdb database type (specified in the parameter database); an mdb database doesn't have this file.

# File: /etc/openldap/slapd.conf

database    bdb
suffix      dc=iredmail,dc=org
directory   /var/lib/ldap/

So you should remove all files under directory /var/lib/ldap/ except /var/lib/ldap/

# cd /var/lib/ldap/
# mv DB_CONFIG ~
# rm -rf /var/lib/ldap/*
# mv ~/DB_CONFIG .
# /etc/init.d/slapd start
# /etc/init.d/slapd stop
# slapadd -f /etc/openldap/slapd.conf -l /path/to/backup/backup.ldif
# /etc/init.d/slapd start
Stopping slapd:                                            [  OK  ]
/var/lib/ldap/ is not owned[WARNING]"
/var/lib/ldap/ is not owned by "[WARNING]
Checking configuration files for slapd:  config file testing succeeded
                                                           [  OK  ]
Starting slapd:                                            [  OK  ]

If you see above warning about improper file ownership, please set correct file owner on newly created bdb files immediately, then restart OpenLDAP service:

# chown ldap:ldap /var/lib/ldap/*.bdb
# /etc/init.d/slapd restart

If you're restoring LDAP data from an old iRedMail server, you should add the missing LDAP attribute/values, which were introduced in newer iRedMail releases, by following the step below: After LDAP Restore.

How to restore OpenBSD ldapd(8) backup

iRedMail-0.9.5 and later releases ship the script /var/vmail/backup/ for daily backup. It backs up data with the command ldapsearch (not slapcat, which is used for OpenLDAP), so you have to restore its data with the command ldapadd.

# rcctl stop ldapd
# rcctl start ldapd
# ldapadd -x -D 'cn=Manager,dc=xx,dc=xx' -W -f /path/to/backup.ldif

If you're restoring LDAP data from an old iRedMail server, you should add the missing LDAP attribute/values, which were introduced in newer iRedMail releases, by following the step below: After LDAP Restore.

After LDAP restore

If you're restoring from an old iRedMail release, you need to add missing LDAP attribute/values, which are introduced in new iRedMail releases, by running Python scripts below:

For example:

Please open the file you need to run and find parameters like those below:

uri = 'ldap://'
basedn = 'o=domains,dc=example,dc=com'
bind_dn = 'cn=Manager,dc=example,dc=com'
bind_pw = 'passwd'

Please update them with the correct LDAP prefix (dc=xx,dc=xx) and bind password, then run it with python command:
