iRedMail Installation with MariaDB: Difference between revisions

From KlavoWiki
Line 150: Line 150:
<pre>
<pre>
/etc/pki/tls/certs/
/etc/pki/tls/certs/
</pre>
<pre>
openssl req -newkey rsa:2048 -nodes -keyout /etc/pki/tls/certs/sogo.key -out /etc/pki/tls/certs/sogo.csr
</pre>
</pre>
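Review bot: the added `openssl req` line writes the private key unencrypted (`-nodes`) to `/etc/pki/tls/certs/sogo.key`, inside the directory the page uses for public certificates. Suggest `-keyout /etc/pki/tls/private/sogo.key`, generated under `umask 077`, and pointing `SSLCertificateKeyFile` at the same path. The command also sets no `-subj`, so the hostname is only entered at the interactive prompt; a line saying it must equal the name clients connect to would help, given the blank-page note in the SSL Certificates section.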


Line 157: Line 161:


<pre>
<pre>
SSLCertificateFile /etc/pki/tls/certs/2_mail.david.dyndnsforme.com.crt
SSLCertificateFile /etc/pki/tls/certs/2_mail.myserver.com.crt
SSLCertificateKeyFile /etc/pki/tls/certs/sogo.key
SSLCertificateKeyFile /etc/pki/tls/certs/sogo.key
SSLCACertificateFile /etc/pki/tls/certs/1_root_bundle.crt
SSLCACertificateFile /etc/pki/tls/certs/1_root_bundle.crt

Revision as of 06:49, 3 July 2016

The following instructions were performed on CentOS 7.2 with a minimal install.
iRedMail provides self-hosted email, with SOGo providing Exchange ActiveSync operations.

Installation

Before proceeding, make sure that when you ping the hostname and the FQDN of your server, the reply address is 127.0.0.1.

yum -y update
reboot
yum -y install vim wget bzip2 deltarpm yum-cron openchange
rpm -Uvh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-7.noarch.rpm
cd /usr/src
wget https://bitbucket.org/zhb/iredmail/downloads/iRedMail-0.9.5-1.tar.bz2
bzip2 -dk iRedMail-0.9.5-1.tar.bz2
tar xvf iRedMail-0.9.5-1.tar
rm -f iRedMail-0.9.5-1.t*
cd iRedMail-0.9.5-1
bash iRedMail.sh

--> Wait. It may look as if nothing is happening or the installer is broken, but it is processing in the background.
--> Be patient. It takes 10 minutes or more, depending on CPU and internet speed.

Post Installation Information

Mailboxes: /var/mail
Sensitive info: /usr/src/iRedMail-0.9.5-1/config
Post installation information: /root/iRedMail-x.y.z/iRedMail.tips


URLs

Roundcube webmail: https://your_server/mail/
SOGo Groupware: https://your_server/SOGo
Web admin panel: https://your_server/iredadmin/
Awstats: https://your_server/awstats

Distribution Lists and Aliases

Aliases

Unless you have purchased the Professional version of iRedMail, the web GUI does not offer a method to create aliases or distribution lists. Aliases and distribution lists can still be created, but you will need to manually add entries to the vmail.alias MariaDB table.

An alias simply forwards mail sent to one address on to another email address. The target can be on the same domain, on a different domain, or on a domain hosted elsewhere.

To create an alias of david@testforme.com for email address postmaster@testforme.com:

mysql -pmypasswordforMariaDB vmail
INSERT INTO alias (address, goto, name, accesspolicy, domain, created, is_alias, alias_to) VALUES ('david@testforme.com', 'postmaster@testforme.com', 'David Klaverstyn', 'public', 'testforme.com', now(), 1, 'postmaster@testforme.com');

Distribution List

A distribution list is an email address that is forwarded to two or more email addresses. The member addresses can be hosted locally or externally, on different domains.

To create a distribution list of sales@testforme.com that contains the members tim@testforme.com, bill@microsoft.com and john@google.com:

mysql -pmypasswordforMariaDB vmail
INSERT INTO alias (address, goto, name, accesspolicy, domain, created, islist) VALUES ('sales@testforme.com', 'tim@testforme.com,bill@microsoft.com,john@google.com', 'Sales List', 'public', 'testforme.com', now(), 1);

vmail.alias Table Description

+--------------+--------------+------+-----+---------------------+-------+
| Field        | Type         | Null | Key | Default             | Extra |
+--------------+--------------+------+-----+---------------------+-------+
| address      | varchar(255) | NO   | PRI |                     |       |
| goto         | text         | YES  |     | NULL                |       |
| name         | varchar(255) | NO   |     |                     |       |
| moderators   | text         | YES  |     | NULL                |       |
| accesspolicy | varchar(30)  | NO   |     |                     |       |
| domain       | varchar(255) | NO   | MUL |                     |       |
| islist       | tinyint(1)   | NO   | MUL | 0                   |       |
| is_alias     | tinyint(1)   | NO   | MUL | 0                   |       |
| alias_to     | varchar(255) | NO   | MUL |                     |       |
| created      | datetime     | NO   |     | 1970-01-01 01:01:01 |       |
| modified     | datetime     | NO   |     | 1970-01-01 01:01:01 |       |
| expired      | datetime     | NO   | MUL | 9999-12-31 00:00:00 |       |
| active       | tinyint(1)   | NO   | MUL | 1                   |       |
+--------------+--------------+------+-----+---------------------+-------+

Access Policies

Available access policies are:

public: no restrictions.
domain: all users under the same domain are allowed to send email to this mail list.
subdomain: all users under the same domain and its sub-domains are allowed to send email to this mail list.
membersOnly: only members of this mail list are allowed.
allowedOnly: only moderators of this mail list are allowed. Moderators are email addresses stored in SQL column alias.moderators. With iRedAPD-1.4.5, *@domain.com can be used as (one of) the moderators to cover all users under mail domain 'domain.com'.
membersAndModeratorsOnly: only members and moderators of this mail list are allowed.
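
Because `public` means no sender restrictions, a list with that policy and external members forwards mail from any sender to addresses outside the server. The following audit is an added example, not part of the original page; the function names, report labels and sample rows are constructed for illustration.

```shell
# Constructed sample: address, goto, accesspolicy, islist, active (tab-separated),
# the shape produced by:
#   mysql -p --batch --skip-column-names vmail -e \
#     "SELECT address, goto, accesspolicy, islist, active FROM alias"
sample_rows() {
  printf '%s\t%s\t%s\t%s\t%s\n' \
    david@testforme.com postmaster@testforme.com public 0 1 \
    sales@testforme.com tim@testforme.com,bill@microsoft.com,john@google.com public 1 1 \
    staff@testforme.com tim@testforme.com,ann@testforme.com membersOnly 1 1 \
    all@testforme.com tim@testforme.com,ann@testforme.com public 1 1 \
    fwd@testforme.com someone@example.org public 0 1 \
    old@testforme.com someone@example.org public 1 0
}

# Flag active rows that accept mail from anyone and/or deliver outside the
# domain of the alias address. Reads the tab-separated rows on stdin.
audit_aliases() {
  awk -F'\t' '
    $5 != 1 { next }                       # skip inactive rows
    {
      split($1, a, "@"); own = tolower(a[2])
      n = split($2, member, ","); ext = 0
      for (i = 1; i <= n; i++) {           # count members on other domains
        m = member[i]; gsub(/^[ \t]+|[ \t]+$/, "", m)
        split(m, p, "@")
        if (tolower(p[2]) != own) ext++
      }
      open_list = ($4 == 1 && $3 == "public")
      if (open_list && ext)  print "OPEN_LIST_EXTERNAL", $1, "external=" ext
      else if (open_list)    print "OPEN_LIST", $1
      else if (ext)          print "FORWARDS_EXTERNAL", $1, "external=" ext
    }'
}

sample_rows | audit_aliases
```

Using `mysql -p` without the password attached makes the client prompt for it, which keeps it out of the shell history and the process list.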

Send from an Alias

The only way I have been able to send from an alias address is to use the Roundcube webmail interface. Go into settings and create a new identity. Creating a new identity that does not exist in vmail.alias will result in an error when sending the email.
Using Outlook and EAS always sends from the primary email address of the logged-in account.

vi /opt/iredapd/libs/default_settings.py
ALLOWED_LOGIN_MISMATCH_SENDERS = ['email1@thisdomain.net','email2@thatdomain.com']
service iredapd restart

SSL Certificates

I'm not going into specific details here. I use StartSSL certificates as they are free for private use.
Note: I have noticed that if you try going to your web server and you get a blank page, this occurs when the SSL certificate does not match the certificate name or SAN on the certificate.

Certificate path location:

/etc/pki/tls/certs/

openssl req -newkey rsa:2048 -nodes -keyout /etc/pki/tls/certs/sogo.key -out /etc/pki/tls/certs/sogo.csr

vi /etc/httpd/conf.d/ssl.conf

SSLCertificateFile /etc/pki/tls/certs/2_mail.myserver.com.crt
SSLCertificateKeyFile /etc/pki/tls/certs/sogo.key
SSLCACertificateFile /etc/pki/tls/certs/1_root_bundle.crt
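
Before restarting httpd it is worth checking that the key belongs to the certificate, that the certificate covers the server name (the mismatch described in the note above), and that the unencrypted key is readable only by its owner. This is an added example, not part of the original page; the function names are hypothetical and the demo certificate is a constructed, self-signed stand-in for the real files.

```shell
# Demo input only: throwaway key and self-signed certificate for host $2 in
# directory $1. umask 077 keeps the unencrypted (-nodes) key owner-only.
make_demo_cert() {
  ( umask 077
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
      -keyout "$1/demo.key" -out "$1/demo.crt" 2>/dev/null )
}

# 0 if certificate $1 and private key $2 carry the same public key.
cert_matches_key() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# 0 if certificate $1 is valid for hostname $2 (SAN, or CN when no SAN exists).
cert_covers_host() {
  openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# 0 if key file $1 grants nothing to group or others.
key_is_owner_only() {
  [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Run all three checks on a certificate/key pair and the expected hostname.
check_tls_pair() {  # usage: check_tls_pair cert key hostname
  cert_matches_key "$1" "$2" || { echo "key does not belong to certificate"; return 1; }
  cert_covers_host "$1" "$3" || { echo "certificate not valid for $3"; return 1; }
  key_is_owner_only "$2"     || { echo "key readable by group/others"; return 1; }
  echo "ok"
}

demo_dir=$(mktemp -d)
make_demo_cert "$demo_dir" mail.myserver.com
check_tls_pair "$demo_dir/demo.crt" "$demo_dir/demo.key" mail.myserver.com
```

On the server, the same call takes the paths from ssl.conf: the SSLCertificateFile, the SSLCertificateKeyFile and the hostname clients use.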

Force SSL

To redirect all HTTP traffic to use SSL.

vi /etc/httpd/conf.d/ssl.conf

Add the following lines to the bottom of the file before the close of </VirtualHost>

RequestHeader set "x-webobjects-server-port" "443"
RequestHeader set "x-webobjects-server-name" "mail.myserver.com"
RequestHeader set "x-webobjects-server-url" "https://mail.myserver.com"