Backup and restore

Backup

Backup mail accounts

Mail accounts are stored in an SQL or LDAP database. iRedMail provides shell scripts to back up SQL/LDAP databases; you can find them in the downloaded iRedMail release or in the iRedMail source code repository.

iRedMail sets up a daily cron job to run the backup script(s) during installation, so all you need to do is check whether they are defined as cron jobs with the command below:

# crontab -l -u root

Sample output on an iRedMail server with OpenLDAP backend:

# iRedMail: Backup OpenLDAP data every day on 03:01 AM
1   3   *   *   *   /bin/bash /var/vmail/backup/backup_openldap.sh

# iRedMail: Backup MySQL databases every day on 03:10 AM
10   3   *   *   *   /bin/bash /var/vmail/backup/backup_mysql.sh

Notes:

Backup additional data manually

Restore

How to restore SQL databases

You can simply restore the plain SQL files created by the backup scripts above.

If you're restoring on a NEW iRedMail server, do NOT restore the database named mysql exported from the old server. It contains the SQL usernames and passwords used by many components (e.g. Postfix, Dovecot, Roundcube webmail) on the old server. The new iRedMail server already has the same SQL accounts with different passwords, so restoring the mysql database would leave almost all services unable to work due to incorrect SQL credentials.

How to restore LDAP backup

The backup script runs the command slapcat to dump the whole LDAP tree as a backup, so it must be restored with the command slapadd.

The example below shows how to restore an LDAP backup on RHEL/CentOS 6.x. Files and directories may be different on other Linux/BSD distributions; you can find the correct ones in this tutorial: Locations of configuration and log files of major components.

# cd /var/vmail/backup/ldap/2015/05/
# bunzip2 2015-05-10-03:01:01.ldif.bz2
# ls -l 2015-05-10-03:01:01.ldif
-rw-r--r-- 1 root root 7352 May 10 03:01 2015-05-10-03:01:01.ldif

Below is a sample of the file iRedMail.tips:

OpenLDAP:
    ...
    * LDAP bind dn (read-only): cn=vmail,dc=example,dc=com, password: py2BQwM0zoRM5nciK68AlP8dyu2Mq6
    * LDAP admin dn (used for iRedAdmin): cn=vmailadmin,dc=example,dc=com, password: 9wr0mHeVYz2uaxSAGBLucVkOgYPSBB

# slappasswd -h '{ssha}' -s 'py2BQwM0zoRM5nciK68AlP8dyu2Mq6'    # <- cn=vmail's password
{SSHA}eJEO2yGVryVw+mZ/Qd2HMSyrl6u9WDhd

# slappasswd -h '{ssha}' -s '9wr0mHeVYz2uaxSAGBLucVkOgYPSBB'    # <- cn=vmailadmin's password
{SSHA}lWt6zjOOUq+2WUmiAea2FXLB4oHMYvIb

Below is a sample copy in 2015-05-10-03:01:01.ldif:

dn: cn=vmail,dc=iredmail,dc=org
...
userPassword:: e1NTSEF7F8AwbjVqeER1R1dXVmREN1RJU8NtdnFHN0hnekdWYzVHSG9iWEE9PQ=  # <- remove this line
 =                                                                              # <- remove this line
...

dn: cn=vmailadmin,dc=iredmail,dc=org
userPassword:: e1NTSEF9alZi8E12dS9FNllaMktteFh7YkZham1mM3Jqc21cdEFsZjJIeEE9PQ=  # <- remove this line
 =                                                                              # <- remove this line
...

Replace these two userPassword lines with the newly generated SSHA password hashes, save your changes, and exit your text editor.

dn: cn=vmail,dc=iredmail,dc=org
...
userPassword: {SSHA}eJEO2yGVryVw+mZ/Qd2HMSyrl6u9WDhd
...

dn: cn=vmailadmin,dc=iredmail,dc=org
userPassword: {SSHA}lWt6zjOOUq+2WUmiAea2FXLB4oHMYvIb
...

Important note: There's only ONE colon after userPassword string (userPassword:).

# /etc/init.d/ldap stop

# File: /etc/openldap/slapd.conf

...
database    bdb
suffix      dc=iredmail,dc=org
directory   /var/lib/ldap/iredmail.org
...

So you should remove all files under directory /var/lib/ldap/iredmail.org except /var/lib/ldap/iredmail.org/DB_CONFIG.

# cd /var/lib/ldap/iredmail.org/
# mv DB_CONFIG ~
# rm -rf /var/lib/ldap/iredmail.org/*
# mv ~/DB_CONFIG .
# /etc/init.d/slapd start
# /etc/init.d/slapd stop
# slapadd -f /etc/openldap/slapd.conf -l /path/to/backup/backup.ldif
# /etc/init.d/slapd start
Stopping slapd:                                            [  OK  ]
/var/lib/ldap/iredmail.org/mailMessageStore.bdb is not owned[WARNING]"
/var/lib/ldap/iredmail.org/objectClass.bdb is not owned by "[WARNING]
/var/lib/ldap/iredmail.org/mtaTransport.bdb is not owned by [WARNING]
/var/lib/ldap/iredmail.org/cn.bdb is not owned by "ldap"    [WARNING]
/var/lib/ldap/iredmail.org/domainName.bdb is not owned by "l[WARNING]
/var/lib/ldap/iredmail.org/ou.bdb is not owned by "ldap"    [WARNING]
/var/lib/ldap/iredmail.org/uid.bdb is not owned by "ldap"   [WARNING]
/var/lib/ldap/iredmail.org/enabledService.bdb is not owned b[WARNING]
/var/lib/ldap/iredmail.org/homeDirectory.bdb is not owned by[WARNING]
/var/lib/ldap/iredmail.org/domainGlobalAdmin.bdb is not owne[WARNING]p"
/var/lib/ldap/iredmail.org/sn.bdb is not owned by "ldap"    [WARNING]
/var/lib/ldap/iredmail.org/mail.bdb is not owned by "ldap"  [WARNING]
/var/lib/ldap/iredmail.org/accountStatus.bdb is not owned by[WARNING]
/var/lib/ldap/iredmail.org/givenName.bdb is not owned by "ld[WARNING]
Checking configuration files for slapd:  config file testing succeeded
                                                           [  OK  ]
Starting slapd:                                            [  OK  ]

If you see the warnings above about improper file ownership, set the correct owner on the newly created bdb files immediately, then restart the OpenLDAP service:

# chown ldap:ldap /var/lib/ldap/iredmail.org/*.bdb
# /etc/init.d/ldap restart
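
The userPassword replacement step above can also be scripted instead of done by hand in a text editor. The following is an added example, not part of iRedMail or its backup scripts: it builds {SSHA} values the way slappasswd -h '{ssha}' does, and rewrites only the userPassword attribute of the named entries, including the folded continuation line. The function names, the cn=other entry, the old hash and the password are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os

def ssha(password, salt=None):
    """Build an OpenLDAP {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def check_ssha(password, value):
    """Verify a password against a {SSHA} value (20-byte SHA-1 digest, then salt)."""
    raw = base64.b64decode(value[len("{SSHA}"):])
    expected = hashlib.sha1(password.encode() + raw[20:]).digest()
    return hmac.compare_digest(expected, raw[:20])

def replace_passwords(ldif, new_hashes):
    """Swap userPassword in the entries listed in new_hashes (dn -> {SSHA} value)."""
    wanted = {dn.lower(): value for dn, value in new_hashes.items()}
    groups = []  # each group is one logical LDIF line plus its folded continuations
    for line in ldif.splitlines():
        if line.startswith(" ") and groups:
            groups[-1].append(line)
        else:
            groups.append([line])
    out, dn = [], None
    for group in groups:
        logical = group[0] + "".join(part[1:] for part in group[1:])
        name, _, value = logical.partition(":")
        if name.lower() == "dn":
            dn = value.strip().lower()
        elif logical == "":
            dn = None  # blank line ends the entry
        if name.lower() == "userpassword" and dn in wanted:
            # One colon: the value is written as plain text, not base64 ("::").
            out.append("userPassword: " + wanted[dn])
        else:
            out.extend(group)  # every other line is kept unchanged
    return "\n".join(out) + "\n"

# Constructed sample: a folded base64 userPassword, as in the slapcat dump above.
OLD = base64.b64encode(b"{SSHA}constructed-old-hash-from-previous-server").decode()
SAMPLE = ("dn: cn=vmail,dc=iredmail,dc=org\ncn: vmail\n"
          "userPassword:: " + OLD[:40] + "\n " + OLD[40:] + "\n\n"
          "dn: cn=other,dc=iredmail,dc=org\nuserPassword:: " + OLD + "\n")

if __name__ == "__main__":
    new = ssha("constructed-password")  # placeholder, not a real credential
    print(replace_passwords(SAMPLE, {"cn=vmail,dc=iredmail,dc=org": new}))
```

Running check_ssha against the rewritten value before slapadd confirms that the hash in the LDIF matches the password recorded in iRedMail.tips.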

All documents are available in the BitBucket repository and published under a Creative Commons license. If you find something wrong, please contact us to fix it.