Installing iRedMail Mail Server on CentOS 7

Environment preparation

  • Disable SELinux
    vi /etc/selinux/config
    :
    SELINUX=disabled
  • Set /etc/sysconfig/network
    HOSTNAME=iredmail.ichiayi.com
  • Set /etc/hosts
    127.0.0.1   iredmail.ichiayi.com iredmail localhost localhost.localdomain
  • Set /etc/hostname
    iredmail.ichiayi.com
  • Reboot
    sync;sync;sync;reboot

Download and install iRedMail

su - root
yum install wget bzip2
cd /root/
wget https://bitbucket.org/zhb/iredmail/downloads/iRedMail-0.9.9.tar.bz2
tar xjf iRedMail-0.9.9.tar.bz2
cd /root/iRedMail-0.9.9/
bash iRedMail.sh
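  • After the installation finishes and the final update of the antivirus signature file daily.cld completes, reboot so that all services start properly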
    sync;sync;sync;reboot
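  • If the installer keeps reporting an /etc/hosts configuration error, first use
    hostname -f

    to check whether it returns a proper FQDN, e.g. iredmail.ichiayi.com

  • If installing in a data center in China, iredmail.org is blocked by the GFW, so use the following command instead
    IREDMAIL_EPEL_MIRROR='http://mirrors.aliyun.com/epel' \
    IREDMAIL_MIRROR='https://dl.iredmail.org' bash iRedMail.sh
  • After installation, the important information is written to the file /root/iRedMail-0.9.8/iRedMail.tips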

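Related configuration and verification tests

Handling a hostname change

SSL certificate configuration

    • Obtain a free Let's Encrypt SSL certificate; see: Requesting and configuring a free Let's Encrypt SSL certificate (CentOS 6/7 + Apache/Nginx)
      • e.g. the obtained certificate is stored in /etc/letsencrypt/live/mail.ichiayi.com/
    • Configure Postfix (SMTP server): commands to run
    • Configure Dovecot (POP3/IMAP server): reference configuration
    • Configure WebMail (nginx): reference commands to run
    • Verify that the configured SSL certificate is actually in use
      • IMAP: commands to run
      • POP3: commands to run
      • SMTP: commands to run
      • Web: commands to run
  • If the SSL certificate and the mail server are on different hosts, rsync can be used to sync the certificate across hosts after each renewal
  • e.g. the SSL certificate is stored on host 192.168.11.234; the following sync command can be run on the mail server: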

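Whitelist and blacklist configuration

Mail migration (imapsync)

  • Mail in the old mail server is migrated to the new mail server over the IMAP protocol of both servers
  • Install imapsync
    yum install imapsync
  • To migrate jonathan's mail, you need to know jonathan's password on both the old and new hosts; write the password into the file /root/sync_info/jonathan, then run the following command
    imapsync --host1 mail.ichiayi.com --user1 jonathan --passfile1 /root/sync_info/jonathan --host2 192.168.11.236 --user2 jonathan --passfile2 /root/sync_info/jonathan
  • After the run, a LOG_imapsync directory is created under the working directory, containing the log files of the run, e.g. 2018_09_07_11_35_30_testalbert.txt
  • Entries marked Err in the log file indicate mailboxes that failed during the sync and need to be handled separately, e.g.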
    Err 1/2: Could not create folder [from Albert/&ZbBbomI2--Data/INDIA/ABC.] from [from Albert/&ZbBbomI2--Data/INDIA/ABC.]: 38252 NO [CANNOT] Character not allowed in mailbox name: '.' (0.001 + 0.000 secs).
    :
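
When several accounts are migrated, the Err lines described above are easier to act on as one list of folders per log. The script below is an added example, not part of the original page or of imapsync; its function names are hypothetical, and the sample log is constructed around the Err line quoted above.

```bash
#!/bin/sh
# Added example: triage imapsync logs for folders that failed to sync.

# failed_folders LOGFILE
# Prints "<folder> => <server reply>" once for each folder named in an
# "Err n/m: Could not create folder [...]" line.
failed_folders() {
    sed -n 's|^Err [0-9]*/[0-9]*: Could not create folder \[\(.*\)] from \[.*]: [0-9]* \(NO .*\)$|\1 => \2|p' "$1" | sort -u
}

# other_errors LOGFILE
# Prints every other Err line unchanged so that nothing is silently dropped.
other_errors() {
    grep '^Err ' "$1" | grep -v 'Could not create folder' || true
}

# triage_logs DIR
# Reports each DIR/*.txt log that contains Err lines; returns 1 if any did.
triage_logs() {
    _rc=0
    for _log in "$1"/*.txt; do
        [ -f "$_log" ] || continue
        if grep -q '^Err ' "$_log"; then
            _rc=1
            echo "== $_log"
            failed_folders "$_log"
            other_errors "$_log"
        fi
    done
    return "$_rc"
}

# Constructed sample log: the first Err line is the one quoted above, the
# second Err line and the non-error lines are made up for this example.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/2018_09_07_11_35_30_testalbert.txt" <<'EOF'
(constructed) transfer started
Err 1/2: Could not create folder [from Albert/&ZbBbomI2--Data/INDIA/ABC.] from [from Albert/&ZbBbomI2--Data/INDIA/ABC.]: 38252 NO [CANNOT] Character not allowed in mailbox name: '.' (0.001 + 0.000 secs).
Err 2/2: Could not create folder [Archive/2017.Q1] from [Archive/2017.Q1]: 38260 NO [CANNOT] Character not allowed in mailbox name: '.' (0.001 + 0.000 secs).
(constructed) transfer ended
EOF

triage_logs "$SAMPLE_DIR" || echo "folders listed above need manual handling"
```

For a real migration, call triage_logs LOG_imapsync from the directory where imapsync was run.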

Upgrade procedure

  1. Upgrade iRedAPD → 2.4 - https://docs.iredmail.org/upgrade.iredapd.html
    su - root
    mkdir -p 0.9.9
    cd 0.9.9
    wget https://dl.iredmail.org/yum/misc/iRedAPD-2.4.tar.bz2
    tar xjf iRedAPD-2.4.tar.bz2
    cd iRedAPD-2.4/tools/
    bash upgrade_iredapd.sh

    Check the upgrade log

    tail -500 /var/log/iredapd/iredapd.log
    :
    2019-02-16 23:43:34 INFO Starting iRedAPD (version: 2.4, backend: mysql), listening on 127.0.0.1:7777.
    2019-02-16 23:43:34 INFO Log rotate type: time, interval: W6, backup copies: 12.
    2019-02-16 23:43:34 INFO Loading plugin (priority: 100): reject_null_sender
    2019-02-16 23:43:34 INFO Loading plugin (priority: 99): wblist_rdns
    2019-02-16 23:43:34 INFO Loading plugin (priority: 90): reject_sender_login_mismatch
    2019-02-16 23:43:34 INFO Loading plugin (priority: 80): greylisting
    2019-02-16 23:43:34 INFO Loading plugin (priority: 60): throttle
    2019-02-16 23:43:34 INFO Loading plugin (priority: 50): sql_alias_access_policy
    2019-02-16 23:43:34 INFO Loading plugin (priority: 40): amavisd_wblist
    :
  2. Upgrade iRedAdmin → 0.9.4 - https://docs.iredmail.org/migrate.or.upgrade.iredadmin.html
    wget https://dl.iredmail.org/yum/misc/iRedAdmin-0.9.4.tar.bz2
    tar xjf iRedAdmin-0.9.4.tar.bz2
    cd iRedAdmin-0.9.4/tools/
    bash upgrade_iredadmin.sh
  3. Upgrade mlmmjadmin → 2.1 - https://docs.iredmail.org/upgrade.mlmmjadmin.html
    wget https://github.com/iredmail/mlmmjadmin/archive/2.1.tar.gz
    tar zxf 2.1.tar.gz
    cd mlmmjadmin-2.1/tools/
    bash upgrade_mlmmjadmin.sh
  4. Upgrade Roundcube webmail → 1.3.8 - https://github.com/roundcube/roundcubemail/wiki/Upgrade
    wget https://github.com/roundcube/roundcubemail/releases/download/1.3.8/roundcubemail-1.3.8-complete.tar.gz
    tar xf roundcubemail-*.tar.gz
    cd roundcubemail-*
    bin/installto.sh /var/www/roundcubemail-1.3.6

    If bin/installto.sh cannot be run, check whether the system function has been disabled in /etc/php.ini

  5. Upgrade netdata → 1.12.0 - https://docs.iredmail.org/upgrade.netdata.html
    wget https://github.com/netdata/netdata/releases/download/v1.12.0/netdata-v1.12.0.gz.run
    chmod +x netdata-*.gz.run
    ./netdata-*.gz.run --accept
  6. Fix improper Nginx config files for Roundcube
    vi /etc/nginx/templates/roundcube.tmpl
    :
    location ~ ^/mail/(bin|config|installer|logs|SQL|temp|vendor)($|/.*) { deny all; }
    :
    location ~ ^/mail/(CHANGELOG|composer.json|INSTALL|jsdeps.json|LICENSE|README|UPGRADING)($|.*) { deny all; }
    :
    location ~ ^/mail/plugins/.*/config.inc.php.* { deny all; }
    :
    location ~ ^/mail/plugins/enigma/home($|/.*) { deny all; }
    :
    vi /etc/nginx/templates/roundcube-subdomain.tmpl
    :
    location ~ ^/(bin|config|installer|logs|SQL|temp|vendor)/.* { deny all; }
    :
    location ~ ^/(CHANGELOG|composer.json|INSTALL|jsdeps.json|LICENSE|README|UPGRADING)$ { deny all; }
    :
    location ~ ^/plugins/.*/config.inc.php.* { deny all; }
    :
    location ~ ^/plugins/enigma/home($|/.*) { deny all; }
    :
  7. Improve mlmmj script used for appending footer text
    cd /usr/bin/
    wget -O mlmmj-amime-receive https://bitbucket.org/zhb/iredmail/raw/default/iRedMail/samples/mlmmj/mlmmj-amime-receive
    chown mlmmj:mlmmj mlmmj-amime-receive
    chmod 0550 mlmmj-amime-receive
  8. Fix address mapping issue for mlmmj mailing list
    vi /etc/amavisd/amavisd.conf
    :
    $policy_bank{'MLMMJ'} = {
        ...
        forward_method => 'smtp:[127.0.0.1]:10028',
    };
    :
    vi /etc/postfix/master.cf
    :
    127.0.0.1:10028 inet n  -   n   -   -  smtpd
        -o syslog_name=postfix/10028
        -o content_filter=
        -o mynetworks_style=host
        -o mynetworks=127.0.0.1
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o strict_rfc821_envelopes=yes
        -o smtp_tls_security_level=none
        -o smtpd_tls_security_level=none
        -o smtpd_restriction_classes=
        -o smtpd_delay_reject=no
        -o smtpd_client_restrictions=permit_mynetworks,reject
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o smtpd_end_of_data_restrictions=
        -o smtpd_error_sleep_time=0
        -o smtpd_soft_error_limit=1001
        -o smtpd_hard_error_limit=1000
        -o smtpd_client_connection_count_limit=0
        -o smtpd_client_connection_rate_limit=0
        -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
    
    systemctl restart postfix 
    systemctl restart amavisd 
  9. Fixed: SOGo backup script 1)
    cd /var/vmail/backup/
    wget -O backup_sogo.sh https://bitbucket.org/zhb/iredmail/raw/default/iRedMail/tools/backup_sogo.sh
    chown root backup_sogo.sh
    chmod 0400 backup_sogo.sh
  10. MySQL/MariaDB special
    1. SQL structure changes in vmail database
      wget -O iredmail.mysql https://bitbucket.org/zhb/iredmail/raw/default/extra/update/0.9.9/iredmail.mysql
      mysql vmail < iredmail.mysql
    2. Dovecot: read mailbox format from SQL
      vi /etc/dovecot/dovecot-mysql.conf
      :
      user_query = SELECT \
                  ...
                  LOWER(CONCAT(mailbox.storagebasedirectory, '/', mailbox.storagenode, '/', mailbox.maildir)) AS home, \
                  CONCAT(mailbox.mailboxformat, ':~/', mailbox.mailboxfolder, '/') AS mail, \
                  ...
      :
      systemctl restart dovecot
  11. Update the contents of /etc/iredmail-release to 0.9.9
    vi /etc/iredmail-release
    0.9.9
    #0.9.8 MARIADB edition.
    :
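
The deny rules added to roundcube.tmpl in step 6 can be checked against sample request paths before nginx is reloaded. The script below is an added example, not part of the original page or of iRedMail; it covers only the /mail/ template, its function names are hypothetical, and the request paths are constructed. It assumes grep -E is an adequate stand-in for nginx's regex engine, which holds for these four patterns.

```bash
#!/bin/sh
# Added example: list which request paths the step-6 "deny all" rules catch.
# grep -E stands in for nginx's PCRE engine (assumption: fine for these
# patterns, which use only syntax both engines interpret the same way).

# The four patterns from /etc/nginx/templates/roundcube.tmpl, one per line.
DENY_PATTERNS='^/mail/(bin|config|installer|logs|SQL|temp|vendor)($|/.*)
^/mail/(CHANGELOG|composer.json|INSTALL|jsdeps.json|LICENSE|README|UPGRADING)($|.*)
^/mail/plugins/.*/config.inc.php.*
^/mail/plugins/enigma/home($|/.*)'

# is_denied PATH: exit status 0 if any deny pattern matches PATH, else 1.
is_denied() {
    while IFS= read -r _pattern; do
        if printf '%s\n' "$1" | grep -Eq -- "$_pattern"; then
            return 0
        fi
    done <<EOF
$DENY_PATTERNS
EOF
    return 1
}

# report PATH...: print "deny" or "allow" in front of each path.
report() {
    for _path in "$@"; do
        if is_denied "$_path"; then
            echo "deny   $_path"
        else
            echo "allow  $_path"
        fi
    done
}

# Constructed request paths (not taken from a real access log). The last two
# show that the rules are anchored on whole path segments and, like nginx's
# "~" modifier, case-sensitive.
report /mail/ /mail/index.php \
    /mail/config/config.inc.php /mail/logs/errors.log /mail/SQL \
    /mail/composer.json /mail/README.md \
    /mail/plugins/password/config.inc.php.dist \
    /mail/plugins/enigma/home/user/key.asc \
    /mail/configuration /mail/sql/mysql.initial.sql
```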

Other topics

Disabling netdata

Backup and restore

Reference links

1)
If the directory was changed during installation, e.g. /maildata/backup, run the commands in that directory instead
tech/iredmail.txt · Last modified: 2019/08/16 14:38 by jonathan_tsai