550 lines
26 KiB
HTML
550 lines
26 KiB
HTML
<!DOCTYPE html>
|
||
<html>
|
||
<head>
|
||
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
||
<title>iRedMail Easy: Best Practice</title>
|
||
<link rel="stylesheet" type="text/css" href="./css/markdown.css" />
|
||
</head>
|
||
<body>
|
||
|
||
<div id="navigation">
|
||
<a href="https://www.iredmail.org" target="_blank">
|
||
<img alt="iRedMail web site"
|
||
src="./images/logo-iredmail.png"
|
||
style="vertical-align: middle; height: 30px;"
|
||
/>
|
||
<span>iRedMail</span>
|
||
</a>
|
||
// <a href="./index.html">Document Index</a></div><h1 id="iredmail-easy-best-practice">iRedMail Easy: Best Practice</h1>
|
||
<div class="toc">
|
||
<ul>
|
||
<li><a href="#iredmail-easy-best-practice">iRedMail Easy: Best Practice</a><ul>
|
||
<li><a href="#how-the-fearless-upgrade-works">How the fearless upgrade works</a><ul>
|
||
<li><a href="#including-config-files">Including config files</a></li>
|
||
<li><a href="#modify-config-files-in-place">Modify config files in-place</a></li>
|
||
<li><a href="#remove-existing-file-and-create-a-new-one">Remove existing file and create a new one</a></li>
|
||
<li><a href="#the-rest">The rest</a></li>
|
||
</ul>
|
||
</li>
|
||
<li><a href="#ssl-cert">SSL cert</a></li>
|
||
<li><a href="#passwords">Passwords</a></li>
|
||
<li><a href="#custom-settings-used-by-softwares">Custom settings used by softwares</a><ul>
|
||
<li><a href="#mariadb">MariaDB</a></li>
|
||
<li><a href="#nginx">Nginx</a></li>
|
||
<li><a href="#postfix">Postfix</a></li>
|
||
<li><a href="#dovecot">Dovecot</a></li>
|
||
<li><a href="#roundcube">Roundcube</a><ul>
|
||
<li><a href="#custom-global-settings">Custom global settings</a></li>
|
||
<li><a href="#third-party-or-custom-plugins">Third-party or custom plugins</a></li>
|
||
<li><a href="#custom-settings-for-official-plugins">Custom settings for official plugins</a></li>
|
||
<li><a href="#custom-skins">Custom skins</a></li>
|
||
</ul>
|
||
</li>
|
||
<li><a href="#sogo">SOGo</a></li>
|
||
<li><a href="#iredapd">iRedAPD</a></li>
|
||
<li><a href="#iredadmin">iRedAdmin</a></li>
|
||
<li><a href="#amavisd">Amavisd</a></li>
|
||
<li><a href="#fail2ban">Fail2ban</a></li>
|
||
</ul>
|
||
</li>
|
||
<li><a href="#backup">Backup</a></li>
|
||
<li><a href="#references">References</a></li>
|
||
</ul>
|
||
</li>
|
||
</ul>
|
||
</div>
|
||
<h2 id="how-the-fearless-upgrade-works">How the fearless upgrade works</h2>
|
||
<p>iRedMail Easy splits config files of softwares to 2 parts: Core and Custom,
|
||
this is the magic of fearless one-click upgrade.</p>
|
||
<p>iRedMail Easy maintains core config files to make sure everything works as
|
||
expected, but we understand that one rule doesn't work for everyone and you may
|
||
want to change/override some settings configured by iRedMail Easy.</p>
|
||
<p>Please follow some simple rules to store your custom settings, and do not
|
||
modify the core config files (manually) managed by iRedMail Easy.</p>
|
||
<h3 id="including-config-files">Including config files</h3>
|
||
<p>Many softwares support loading settings from extra config files with directive
|
||
like <code>include</code> (Nginx, Dovecot), <code>include_try</code> (Dovecot), <code>require_once</code> (PHP
|
||
applications). In this case, it will be configured to load extra config files
|
||
under <code>/opt/iredmail/custom/<software-name>/</code>. We use Dovecot for example to
|
||
explain the details.</p>
|
||
<p>Dovecot's main config file is <code>/etc/dovecot/dovecot.conf</code>, we have directives
|
||
at the bottom of <code>dovecot.conf</code> like this:</p>
|
||
<pre><code>!include_try /etc/dovecot/conf-enabled/*.conf
|
||
!include_try /opt/iredmail/custom/dovecot/conf-enabled/*.conf
|
||
</code></pre>
|
||
|
||
<p>It will try to load all files ends with <code>.conf</code> under
|
||
<code>/etc/dovecot/conf-enabled/</code> first, then
|
||
<code>/opt/iredmail/custom/dovecot/conf-enabled/</code>.</p>
|
||
<p>Files under <code>/etc/dovecot/conf-enabled/</code> are maintained by iRedMail Easy, if
|
||
you want to override some settings, please create a file which ends with
|
||
<code>.conf</code> under <code>/opt/iredmail/custom/dovecot/conf-enabled/</code> with your custom
|
||
settings. for example, Dovecot is configured to enable services like below by
|
||
iRedMail Easy:</p>
|
||
<pre><code>dovecot_protocols = pop3 imap sieve lmtp
|
||
</code></pre>
|
||
|
||
<p>What can you do to disable it without modify files under <code>/etc/dovecot/</code>? Easy,
|
||
just create a file, e.g. <code>custom.conf</code> under
|
||
<code>/opt/iredmail/custom/dovecot/conf-enabled/</code> with content below (<code>pop3</code> is
|
||
removed), then restart Dovecot service:</p>
|
||
<pre><code>dovecot_protocols = imap sieve lmtp
|
||
</code></pre>
|
||
|
||
<h3 id="modify-config-files-in-place">Modify config files in-place</h3>
|
||
<p>If software does not support loading settings from extra config files,
|
||
you may need to apply your own settings by running commands to modify its
|
||
config files under <code>/etc/</code>. For example, Postfix.</p>
|
||
<p>Postfix doesn't support directive like <code>include</code> to load extra config files,
|
||
you can change some settings by modifying its config files (e.g.
|
||
<code>/etc/postfix/main.cf</code>) directly, but next time you upgrade your iRedMail
|
||
server with iRedMail Easy, the config file will be rewritten by iRedMail Easy,
|
||
then you lose all custom settings.</p>
|
||
<p>Fortunately, iRedMail Easy supports executing a shell script each time it
|
||
deploying or upgrading a software. For Postfix, it's
|
||
<code>/opt/iredmail/custom/postfix/custom.sh</code>.</p>
|
||
<p>Let's say you want to add IP address <code>192.168.1.1</code> to Postfix parameter
|
||
<code>mynetworks</code>, instead of modifying <code>/etc/postfix/main.cf</code> directly, you can
|
||
write shell commands in <code>/opt/iredmail/custom/postfix/custom.sh</code> like below:</p>
|
||
<pre><code>postconf -e mynetworks='127.0.0.1 192.168.1.1'
|
||
</code></pre>
|
||
|
||
<p>Then run it manually:</p>
|
||
<pre><code>cd /opt/iredmail/custom/postfix/
|
||
bash custom.sh
|
||
</code></pre>
|
||
|
||
<p>When iRedMail Easy deploys or upgrades Postfix, it will run this script the
|
||
same way.</p>
|
||
<h3 id="remove-existing-file-and-create-a-new-one">Remove existing file and create a new one</h3>
|
||
<p>Nginx supports loading extra config file with <code>include</code> directive, but it
|
||
doesn't support overriding existing parameters. for example, if parameter
|
||
<code>client_max_body_size</code> is defined in one file, but you have <code>include</code> directive
|
||
to load same parameter in another file, Nginx will report duplicate parameter
|
||
and refuse to start. In this case, you have to remove existing config files
|
||
(which contains the parameter you want to customize) generated by iRedMail Easy
|
||
and create a new one. Let's use parameter <code>client_max_body_size</code> for example.</p>
|
||
<p>iRedMail Easy generates files under <code>/etc/nginx/conf-enabled/</code> for different
|
||
parameters, and parameter <code>client_max_body_size</code> is defined in
|
||
<code>/etc/nginx/conf-enabled/client_max_body_size.conf</code> like this:</p>
|
||
<pre><code>client_max_body_size 15m;
|
||
</code></pre>
|
||
|
||
<p>You need to add a new file under <code>/opt/iredmail/custom/nginx/conf-enabled/</code>
|
||
first, then add shell command in <code>/opt/iredmail/custom/nginx/custom.sh</code> to
|
||
remove <code>/etc/nginx/conf-enabled/client_max_body_size.conf</code> like below:</p>
|
||
<pre><code>rm -f /etc/nginx/conf-enabled/client_max_body_size.conf
|
||
</code></pre>
|
||
|
||
<p>Now run this script:</p>
|
||
<pre><code>cd /opt/iredmail/custom/nginx/
|
||
bash custom.sh
|
||
</code></pre>
|
||
|
||
<p>When iRedMail Easy deploys or upgrades Nginx, it will run this script the
|
||
same way.</p>
|
||
<h3 id="the-rest">The rest</h3>
|
||
<ul>
|
||
<li>SOGo doesn't support any of the ways mentioned above, if you need to modify any settings, please either use <code>/opt/iredmail/custom/sogo/custom.sh</code> to modify please read <a href="#sogo">details below</a>.</li>
|
||
</ul>
|
||
<h2 id="ssl-cert">SSL cert</h2>
|
||
<p>iRedMail Easy generates self-signed ssl cert by default, cert files are stored
|
||
under <code>/opt/iredmail/ssl/</code>:</p>
|
||
<ul>
|
||
<li><code>key.pem</code>: private key</li>
|
||
<li><code>cert.pem</code>: certificate</li>
|
||
<li><code>combined.pem</code>: full chain</li>
|
||
</ul>
|
||
<p>To get rid of self-signed cert, you can either:</p>
|
||
<ul>
|
||
<li><a href="./letsencrypt.html">Request a free cert from Let's Encrypt</a>, or</li>
|
||
<li><a href="./use.a.bought.ssl.certificate.html">Use a bought SSL certificate</a>.</li>
|
||
</ul>
|
||
<h2 id="passwords">Passwords</h2>
|
||
<ul>
|
||
<li>iRedMail Easy doesn't store any SQL/LDAP passwords on its deployment servers,
|
||
instead it generates and reads from files under <code>/root/.iredmail/kv/</code> on
|
||
<strong>YOUR</strong> server to get the passwords.</li>
|
||
<li>Files under <code>/root/.iredmail/kv/</code> contain only one line.</li>
|
||
<li>If you changed any of them, please update files under <code>/root/.iredmail/kv/</code>
|
||
also, so that iRedMail Easy can get correct password when you perform upgrade.</li>
|
||
</ul>
|
||
<table>
|
||
<thead>
|
||
<tr>
|
||
<th>Backend</th>
|
||
<th>File Name</th>
|
||
<th>Comment</th>
|
||
<th>Value could be found in file</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td>LDAP, MySQL</td>
|
||
<td><code>sql_user_root</code></td>
|
||
<td>MySQL root password.</td>
|
||
<td><code>/root/.my.cnf</code></td>
|
||
</tr>
|
||
<tr>
|
||
<td>PostgreSQL</td>
|
||
<td><code>sql_user_postgres</code> (Linux)<br/><code>sql_user__postgresql</code> (OpenBSD)</td>
|
||
<td>PostgreSQL root password.</td>
|
||
<td><code>/var/lib/pgsql/.pgpass</code> (CentOS), or <code>/var/lib/postgresql/.pgpass</code> (Debian/Ubuntu), <code>/var/postgresql/.pgpass</code> (OpenBSD)</td>
|
||
</tr>
|
||
<tr>
|
||
<td>LDAP</td>
|
||
<td><code>ldap_root_password</code></td>
|
||
<td>Password of LDAP root dn (cn=Manager,dc=xx,dc=xx)</td>
|
||
<td></td>
|
||
</tr>
|
||
<tr>
|
||
<td>LDAP</td>
|
||
<td><code>ldap_vmail_password</code></td>
|
||
<td>Password of LDAP dn <code>cn=vmail,dc=xx,dc=xx</code></td>
|
||
<td><code>/etc/postfix/ldap/*.cf</code></td>
|
||
</tr>
|
||
<tr>
|
||
<td>LDAP</td>
|
||
<td><code>ldap_vmailadmin_password</code></td>
|
||
<td>Password of LDAP dn <code>cn=vmailadmin,dc=xx,dc=xx</code></td>
|
||
<td><code>/opt/www/iredadmin/settings.py</code></td>
|
||
</tr>
|
||
<tr>
|
||
<td>ALL</td>
|
||
<td><code>sql_user_vmail</code></td>
|
||
<td>Password of SQL user <code>vmail</code></td>
|
||
<td><code>/etc/postfix/mysql/*.cf</code> or <code>/etc/postfix/pgsql/*.cf</code></td>
|
||
</tr>
|
||
<tr>
|
||
<td>ALL</td>
|
||
<td><code>sql_user_vmailadmin</code></td>
|
||
<td>Password of SQL user <code>vmailadmin</code></td>
|
||
<td><code>/opt/www/iredadmin/settings.py</code></td>
|
||
</tr>
|
||
<tr>
|
||
<td>ALL</td>
|
||
<td><code>sql_user_amavisd</code></td>
|
||
<td>Password of SQL user <code>amavisd</code></td>
|
||
<td><code>/etc/amavisd/amavisd.conf</code> (Linux/OpenBSD)<br><code>/etc/amavis/conf.d/50-user</code> (Debian/Ubuntu)</td>
|
||
</tr>
|
||
<tr>
|
||
<td>ALL</td>
|
||
<td><code>sql_user_sa_bayes</code></td>
|
||
<td>Password of SQL user <code>sa_bayes</code></td>
|
||
<td><code>/etc/mail/spamassassin/local.cf</code></td>
|
||
</tr>
|
||
<tr>
|
||
<td>ALL</td>
|
||
<td><code>sql_user_iredadmin</code></td>
|
||
<td>Password of SQL user <code>iredadmin</code></td>
|
||
<td><code>/opt/www/iredadmin/settings.py</code></td>
|
||
</tr>
|
||
<tr>
|
||
<td>ALL</td>
|
||
<td><code>sql_user_iredapd</code></td>
|
||
<td>Password of SQL user <code>iredapd</code></td>
|
||
<td><code>/opt/iredapd/settings.py</code></td>
|
||
</tr>
|
||
<tr>
|
||
<td>ALL</td>
|
||
<td><code>sql_user_roundcube</code></td>
|
||
<td>Password of SQL user <code>roundcube</code></td>
|
||
<td><code>/root/.my.cnf-roundcube</code> or <code>/opt/www/roundcubemail/config/config.inc.php</code></td>
|
||
</tr>
|
||
<tr>
|
||
<td>ALL</td>
|
||
<td><code>sql_user_sogo</code></td>
|
||
<td>Password of SQL user <code>sogo</code></td>
|
||
<td><code>/etc/sogo/sogo.conf</code></td>
|
||
</tr>
|
||
<tr>
|
||
<td>ALL</td>
|
||
<td><code>sql_user_netdata</code></td>
|
||
<td>Password of SQL user <code>netdata</code></td>
|
||
<td><code>/root/.my.cnf-netdata</code> or <code>/opt/netdata/etc/netdata/my.cnf</code></td>
|
||
</tr>
|
||
<tr>
|
||
<td>ALL</td>
|
||
<td><code>iredapd_srs_secret</code></td>
|
||
<td>The secret string used to sign SRS.</td>
|
||
<td><code>/opt/iredapd/settings.py</code>, parameter <code>srs_secrets =</code>.</td>
|
||
</tr>
|
||
<tr>
|
||
<td>ALL</td>
|
||
<td><code>sogo_sieve_master_password</code></td>
|
||
<td>The Dovecot master user used by SOGo.</td>
|
||
<td><code>/etc/sogo/sieve.cred</code>.</td>
|
||
</tr>
|
||
<tr>
|
||
<td>ALL</td>
|
||
<td><code>roundcube_des_key</code></td>
|
||
<td>The DES key used by Roundcube to encrypt the session.</td>
|
||
<td><code>/opt/www/roundcubemail/config/config.inc.php</code>, parameter <code>$config['des_key'] =</code>.</td>
|
||
</tr>
|
||
<tr>
|
||
<td>ALL</td>
|
||
<td><code>mlmmjadmin_api_token</code></td>
|
||
<td>API token for authentication.</td>
|
||
<td><code>/opt/mlmmjadmin/settings.py</code>, parameter <code>api_auth_tokens =</code>.</td>
|
||
</tr>
|
||
<tr>
|
||
<td>ALL</td>
|
||
<td><code>first_domain_admin_password</code></td>
|
||
<td>Password of the mail user <code>postmaster@<your-domain.com></code>.</td>
|
||
<td><code>your-domain.com</code> is the first mail domain name you (are going to) set in mail server profile page on iRedMail Easy platform, you can find it in mail server profile page, under tab <code>Settings</code>.</td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
<h2 id="custom-settings-used-by-softwares">Custom settings used by softwares</h2>
|
||
<h3 id="mariadb">MariaDB</h3>
|
||
<ul>
|
||
<li><code>/opt/iredmail/custom/mysql/</code>:<ul>
|
||
<li>All files end with <code>.cnf</code> will be loaded by Mariadb.</li>
|
||
<li>
|
||
<p>It will override existing settings defined in files under <code>/etc/mysql/</code> (Linux)
|
||
or <code>/usr/local/etc/mysql/</code> (FreeBSD).</p>
|
||
<p>Sample config file, <code>/opt/iredmail/custom/mysql/custom.conf</code>:</p>
|
||
</li>
|
||
</ul>
|
||
</li>
|
||
</ul>
|
||
<pre><code>[mysqld]
|
||
max_connections = 1024
|
||
</code></pre>
|
||
|
||
<h3 id="nginx">Nginx</h3>
|
||
<ul>
|
||
<li>
|
||
<p><code>/opt/iredmail/custom/nginx/custom.sh</code>: a bash shell script for advanced
|
||
customization. This file will be executed every time iRedMail Easy deploys /
|
||
upgrades the Nginx.</p>
|
||
<p>For example, Nginx doesn't support override existing settings by loading
|
||
same parameter from another config file, in this case you should run <code>rm</code>
|
||
command in this file (<code>custom.sh</code>) to remove existing config file
|
||
generated by iRedMail Easy and store custom settings in another file.</p>
|
||
</li>
|
||
<li>
|
||
<p><code>/opt/iredmail/custom/nginx/conf-enabled/</code>: additional Nginx global settings used inside <code>http {}</code> block.</p>
|
||
<ul>
|
||
<li>If you want to override a parameter which is already defined in
|
||
<code>/etc/nginx/conf-enabled/</code>, please update <code>/opt/iredmail/custom/nginx/custom.sh</code>
|
||
to remove file under <code>/etc/nginx/conf-enabled/</code> first, then write your
|
||
own config file under <code>/opt/iredmail/custom/nginx/conf-enabled/</code> to set
|
||
a proper value.</li>
|
||
</ul>
|
||
</li>
|
||
<li>
|
||
<p><code>/opt/iredmail/custom/nginx/sites-conf.d/default-ssl/</code>: additional settings for default https website (inside the <code>server {}</code> block).</p>
|
||
</li>
|
||
<li><code>/opt/iredmail/custom/nginx/sites-enabled/</code>: additional virtual web hosts.</li>
|
||
</ul>
|
||
<p>iRedMail uses the directory structure recommended by Debian/Ubuntu:</p>
|
||
<pre><code>/etc/nginx/ # all config files
|
||
|
||
|- conf-available/ # store settings used inside Nginx `http {}` block.
|
||
# Note: files under this directory are NOT
|
||
# loaded by Nginx directly.
|
||
|
||
|- conf-enabled/ # symbol links to files under `conf-available/`.
|
||
# Note: files under this directory are
|
||
# loaded by Nginx directly.
|
||
|
||
|- sites-available/ # store virtual web host config files.
|
||
# Note: files under this directory are NOT
|
||
# loaded by Nginx directly.
|
||
|
||
|- sites-enabled/ # symbol links to files under `sites-available/`.
|
||
# Note: files under this directory are
|
||
# loaded by Nginx directly.
|
||
|
||
|- sites-conf.d/
|
||
|- default-ssl/ # modular config files used by default
|
||
# virtual web host.
|
||
|
||
/opt/iredmail/custom/nginx/ # all custom config files.
|
||
|- conf-available/
|
||
|- conf-enabled/
|
||
|- sites-available/
|
||
|- sites-enabled/
|
||
|- custom.sh # shell script used for advanced customization
|
||
</code></pre>
|
||
|
||
<h3 id="postfix">Postfix</h3>
|
||
<p>Postfix doesn't support loading main settings (<code>main.cf</code> and <code>master.cf</code>) from
|
||
multiple files.</p>
|
||
<ul>
|
||
<li><code>/opt/iredmail/custom/postfix/main.cf</code>: If this file exists, <code>/etc/postfix/main.cf</code> will be a symbol link to this file.</li>
|
||
<li><code>/opt/iredmail/custom/postfix/master.cf</code>: If this file exists, <code>/etc/postfix/master.cf</code> will be a symbol link to this file.</li>
|
||
</ul>
|
||
<p>For other settings, Postfix is configured to load the one under
|
||
<code>/opt/iredmail/custom/postfix/</code> first (this should be maintained by you), then
|
||
another one from <code>/etc/postfix/</code> (maintained by iRedMail Easy and you should
|
||
NOT update them). If rule defined in first one matches, Postfix will skip the
|
||
second file.</p>
|
||
<p>For example, Postfix loads 2 files for HELO access check:</p>
|
||
<ul>
|
||
<li><code>/opt/iredmail/custom/postfix/helo_access.pcre</code>: You can add custom HELO
|
||
access rules in this file, or add rule to override the one defined in
|
||
<code>/etc/postfix/helo_access.pcre</code>. If access rule in this file matches,
|
||
Postfix will ignore the second (and all the rest) files.</li>
|
||
<li><code>/etc/postfix/helo_access.pcre</code>: This file is maintained by iRedMail Easy,
|
||
you should NOT modify it.</li>
|
||
</ul>
|
||
<p>You can find some other files for customization under
|
||
<code>/opt/iredmail/custom/postfix/</code>. For example:</p>
|
||
<ul>
|
||
<li><code>/opt/iredmail/custom/postfix/postscreen_access.cidr</code></li>
|
||
<li>
|
||
<p><code>/opt/iredmail/custom/postfix/custom.sh</code>: a bash shell script for advanced
|
||
customization. It will be ran each time your ran iRedMail Easy deployment or
|
||
upgrade.</p>
|
||
<p>For example, to change setting <code>enable_original_recipient</code> to <code>yes</code>
|
||
(defaults to <code>no</code> set in <code>/etc/postfix/main.cf</code>), you can write one shell
|
||
command in <code>/opt/iredmail/custom/postfix/custom.sh</code> like below:</p>
|
||
</li>
|
||
</ul>
|
||
<pre><code>postconf -e enable_original_recipient=yes
|
||
</code></pre>
|
||
|
||
<p>To update settings in <code>master.cf</code>, you can run <code>postconf -M</code> and
|
||
<code>postconf -P</code>. For example, create new transport <code>submission</code>:</p>
|
||
<pre><code>postconf -M submission/inet="submission inet n - n - - smtpd"
|
||
postconf -P "submission/inet/syslog_name=postfix/submission"
|
||
postconf -P "submission/inet/smtpd_tls_security_level=encrypt"
|
||
postconf -P "submission/inet/smtpd_sasl_auth_enable=yes"
|
||
postconf -P "submission/inet/smtpd_client_restrictions=permit_sasl_authenticated,reject"
|
||
postconf -P "submission/inet/content_filter=smtp-amavis:[127.0.0.1]:10026
|
||
</code></pre>
|
||
|
||
<p>For more details about <code>postconf</code> command, please check its manual page:
|
||
<a href="http://www.postfix.org/postconf.1.html">postconf(1)</a>.</p>
|
||
<h3 id="dovecot">Dovecot</h3>
|
||
<p>Dovecot supports loading from mulitple config files, and settings will be
|
||
overrode by the last one.</p>
|
||
<ul>
|
||
<li><code>/opt/iredmail/custom/dovecot/conf-enabled/</code>: store custom Dovecot settings.</li>
|
||
<li><code>/opt/iredmail/custom/dovecot/custom.sh</code>: a bash shell script used for advanced customization</li>
|
||
</ul>
|
||
<h3 id="roundcube">Roundcube</h3>
|
||
<h4 id="custom-global-settings">Custom global settings</h4>
|
||
<p>All your custom settings should be placed in
|
||
<strong><code>/opt/iredmail/custom/roundcube/custom.inc.php</code></strong>, and do <strong>NOT</strong>
|
||
touch main config file <code>/opt/www/roundcubemail/config/config.inc.php</code>.</p>
|
||
<h4 id="third-party-or-custom-plugins">Third-party or custom plugins</h4>
|
||
<p>All third-party or custom plugins should be placed under <strong><code>/opt/iredmail/custom/roundcube/plugins/</code></strong>.</p>
|
||
<p>Plugins will be linked to <code>/opt/www/roundcubemail/plugins/</code> automatically
|
||
during iRedMail Easy deployment, but you need to create the symbol
|
||
link manually if you don't want to run another deployment.</p>
|
||
<h4 id="custom-settings-for-official-plugins">Custom settings for official plugins</h4>
|
||
<p>iRedMail Easy enables 2 official plugins by default:</p>
|
||
<ul>
|
||
<li><code>password</code>: used by end users to change their own passwords.</li>
|
||
<li><code>managesieve</code>: used by end users to custom mail filter rules.</li>
|
||
</ul>
|
||
<p>If you have custom settings for plugins enabled by iRedMail Easy, please
|
||
put the custom settings in file
|
||
<code>/opt/iredmail/custom/roundcube/config_<plugin_name>.inc.php</code>.</p>
|
||
<p>For example:</p>
|
||
<ul>
|
||
<li>For <code>password</code> plugin: <code>/opt/iredmail/custom/roundcube/config_password.inc.php</code></li>
|
||
<li>For <code>managesieve</code> plugin: <code>/opt/iredmail/custom/roundcube/config_managesieve.inc.php</code></li>
|
||
</ul>
|
||
<p>If you have custom settings for plugin which is not enabled by iRedMail
|
||
Easy, please append a line to
|
||
<code>/opt/www/roundcubemail/plugins/<plugin-name>/config.inc.php</code> like below:</p>
|
||
<pre><code>require_once "/opt/iredmail/custom/roundcube/config_<plugin>.inc.php";
|
||
</code></pre>
|
||
|
||
<p>Then put all custom settings for this plugin to <code>/opt/iredmail/custom/roundcube/config_<plugin>.inc.php</code>.</p>
|
||
<p>For example, if you have custom settings for official plugin <code>enigma</code>, you
|
||
should append this line to <code>/opt/www/roundcubemail/plugins/enigma/config.inc.php</code>:</p>
|
||
<pre><code>require_once "/opt/iredmail/custom/roundcube/config_enigma.inc.php";
|
||
</code></pre>
|
||
|
||
<p>Then put all custom settings for plugin <code>enigma</code> to
|
||
<code>/opt/iredmail/custom/roundcube/config_enigma.inc.php</code>.</p>
|
||
<p>This way if iRedMail Easy enables the plugin, it will successfully load
|
||
your own custom settings and not mess it up.</p>
|
||
<h4 id="custom-skins">Custom skins</h4>
|
||
<p>All third-party or custom skins should be placed under <strong><code>/opt/iredmail/custom/roundcube/skins/</code></strong>.</p>
|
||
<p>Skins will be linked to <code>/opt/www/roundcubemail/skins/</code> automatically
|
||
during iRedMail Easy deployment, but you need to create the symbol link
|
||
manually if you don't want to run another deployment.</p>
|
||
<h3 id="sogo">SOGo</h3>
|
||
<p>SOGo doesn’t support directive like <code>include</code> to load extra settings
|
||
from multiple files, so you have to either maintain your own SOGo config
|
||
file (<code>/opt/iredmail/custom/sogo/sogo.conf</code>) or use the <code>custom.sh</code>
|
||
shell script to do some customization based on the config file generated by
|
||
iRedMail Easy platform.</p>
|
||
<ul>
|
||
<li>
|
||
<p>File <code>/opt/iredmail/custom/sogo/sogo.conf</code></p>
|
||
<p>If this file exists, <code>/etc/sogo/sogo.conf</code> will be created as a symbol link
|
||
to this file during iRedMail Easy deployment.</p>
|
||
</li>
|
||
<li>
|
||
<p>Shell script <code>/opt/iredmail/custom/sogo/custom.sh</code></p>
|
||
<p>A bash shell script for advanced customization, you can customize SOGo
|
||
config file with shell commands organized in this file.</p>
|
||
<p>This file will be ran by iRedMail Easy deployment each time it deploys
|
||
or upgrade SOGo component.</p>
|
||
</li>
|
||
</ul>
|
||
<h3 id="iredapd">iRedAPD</h3>
|
||
<ul>
|
||
<li>
|
||
<p>File <code>/opt/iredmail/custom/iredapd/settings.py</code></p>
|
||
<p>All custom settings must be stored in this file.
|
||
It will be linked to <code>/opt/www/iredapd/custom_settings.py</code> during iRedMail
|
||
Easy deployment or upgrade.</p>
|
||
</li>
|
||
</ul>
|
||
<h3 id="iredadmin">iRedAdmin</h3>
|
||
<ul>
|
||
<li>
|
||
<p>File <code>/opt/iredmail/custom/iredadmin/settings.py</code></p>
|
||
<p>All custom settings must be stored in this file.
|
||
It will be linked to <code>/opt/www/iredadmin/custom_settings.py</code> during iRedMail
|
||
Easy deployment or upgrade.</p>
|
||
</li>
|
||
</ul>
|
||
<h3 id="amavisd">Amavisd</h3>
|
||
<ul>
|
||
<li><code>/opt/iredmail/custom/amavisd/amavisd.conf</code></li>
|
||
</ul>
|
||
<h3 id="fail2ban">Fail2ban</h3>
|
||
<ul>
|
||
<li><code>/opt/iredmail/custom/fail2ban/jail.local</code>: used to override settings in
|
||
<code>[DEFAULT]</code> section of main fail2ban config file. For example, <code>maxretry</code>, <code>findtime</code>, <code>bantime</code>,
|
||
<code>ignoreip</code>.</li>
|
||
<li><code>/opt/iredmail/custom/dovecot/custom.sh</code>: used for advanced customization.
|
||
for example, if you have some new jails, you can write jail config files under
|
||
<code>/opt/iredmail/custom/fail2ban/</code> too (you're free to create sub-folder to
|
||
store the jail config files), then use <code>custom.sh</code> to create symbol link
|
||
of jails you want to enable under <code>/etc/fail2ban/jail.d/</code>.</li>
|
||
</ul>
|
||
<h2 id="backup">Backup</h2>
|
||
<ul>
|
||
<li>iRedMail Easy generates daily cron jobs to backup mail accounts and SQL/LDAP
|
||
databases (stored under <code>/var/vmail/backup/</code> by default), but not mailboxes, you
|
||
need to backup mailboxes yourself.</li>
|
||
<li>Files under <code>/opt/iredmail/custom/</code> contain all your custom settings. If you need to
|
||
restore a iRedMail Easy server to another one, please copy <code>/opt/iredmail/custom/</code>
|
||
to new server first, then perform the iRedMail Easy deployment.</li>
|
||
</ul>
|
||
<h2 id="references">References</h2>
|
||
<ul>
|
||
<li><a href="https://wiki.dovecot.org/ConfigFile#Including_config_files">Dovecot: Including config files</a></li>
|
||
</ul><div class="footer">
|
||
<p style="text-align: center; color: grey;">All documents are available in <a href="https://github.com/iredmail/docs/">BitBucket repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://github.com/iredmail/docs/archive/master.zip">download the latest version</a> for offline reading. If you found something wrong, please do <a href="https://www.iredmail.org/contact.html">contact us</a> to fix it.</p>
|
||
</div>
|
||
<!-- Global site tag (gtag.js) - Google Analytics -->
|
||
<script async src="https://www.googletagmanager.com/gtag/js?id=UA-3293801-21"></script>
|
||
<script>
|
||
window.dataLayer = window.dataLayer || [];
|
||
function gtag(){dataLayer.push(arguments);}
|
||
gtag('js', new Date());
|
||
|
||
gtag('config', 'UA-3293801-21');
|
||
</script>
|
||
</body></html> |