iRedMail Installation with MariaDB

From KlavoWiki

The following instructions were performed on CentOS 7.2 with a minimal install.
iRedMail provides self-hosted email, with SOGo providing Exchange ActiveSync operations.

Installation

Before proceeding, make sure that when you ping the hostname and FQDN of your computer/server, the reply address is 172.0.0.1.

yum -y update
reboot
yum -y install vim wget bzip2 deltarpm yum-cron openchange
rpm -Uvh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-7.noarch.rpm
cd /usr/src
wget https://bitbucket.org/zhb/iredmail/downloads/iRedMail-0.9.5-1.tar.bz2
bzip2 -dk iRedMail-0.9.5-1.tar.bz2
tar xvf iRedMail-0.9.5-1.tar
rm -f iRedMail-0.9.5-1.t*
cd iRedMail-0.9.5-1
bash iRedMail.sh

--> Wait. It may look as though nothing is happening or something is broken, but the installer is processing in the background.
--> Be patient. It takes 10 minutes or more, depending on CPU and internet speed.

Post Installation Information

Mailboxes: /var/mail
Sensitive Info: /usr/src/iRedMail-0.9.5-1/config
Post installation information: /root/iRedMail-x.y.z/iRedMail.tips


URLs

Roundcube webmail: https://your_server/mail/
SOGo Groupware: https://your_server/SOGo
Web admin panel: https://your_server/iredadmin/
Awstats: https://your_server/awstats

Distributions Lists and Aliases

Aliases

Unless you have purchased the Professional version of iRedMail, the web GUI does not offer a method to create aliases or distribution lists. Aliases and distribution lists can still be created, but you will need to manually add entries to the vmail.alias MariaDB table.

An alias can be for an email address on a different domain or to a domain hosted elsewhere. An alias is basically forwarding that email to any other email address.

To create an alias of david@testforme.com for email address postmaster@testforme.com

mysql -pmypasswordforMariaDB vmail
INSERT INTO alias (address, goto, name, accesspolicy, domain, created, is_alias, alias_to) VALUES ('david@testforme.com', 'postmaster@testforme.com', 'David Klaverstyn', 'public', 'testforme.com', now(), 1, 'postmaster@testforme.com');

Distribution List

A distribution list is an email address that is forwarded to two or more email addresses. The member addresses can be hosted locally or externally on different domains.

To create a distribution list of sales@testforme.com that contains the members tim@testforme.com, bill@microsoft.com and john@google.com.

mysql -pmypasswordforMariaDB vmail
INSERT INTO alias (address, goto, name, accesspolicy, domain, created, islist) VALUES ('sales@testforme.com', 'tim@testforme.com,bill@microsoft.com,john@google.com', 'Sales List', 'public', 'testforme.com', now(), 1);

vmail.alias Table Description

+--------------+--------------+------+-----+---------------------+-------+
| Field        | Type         | Null | Key | Default             | Extra |
+--------------+--------------+------+-----+---------------------+-------+
| address      | varchar(255) | NO   | PRI |                     |       |
| goto         | text         | YES  |     | NULL                |       |
| name         | varchar(255) | NO   |     |                     |       |
| moderators   | text         | YES  |     | NULL                |       |
| accesspolicy | varchar(30)  | NO   |     |                     |       |
| domain       | varchar(255) | NO   | MUL |                     |       |
| islist       | tinyint(1)   | NO   | MUL | 0                   |       |
| is_alias     | tinyint(1)   | NO   | MUL | 0                   |       |
| alias_to     | varchar(255) | NO   | MUL |                     |       |
| created      | datetime     | NO   |     | 1970-01-01 01:01:01 |       |
| modified     | datetime     | NO   |     | 1970-01-01 01:01:01 |       |
| expired      | datetime     | NO   | MUL | 9999-12-31 00:00:00 |       |
| active       | tinyint(1)   | NO   | MUL | 1                   |       |
+--------------+--------------+------+-----+---------------------+-------+

Access Policies

Available access policies are:

public: no restrictions.
domain: all users under the same domain are allowed to send email to this mail list.
subdomain: all users under the same domain and its sub-domains are allowed to send email to this mail list.
membersOnly: only members of this mail list are allowed.
allowedOnly: only moderators of this mail list are allowed. Moderators are email addresses stored in the SQL column alias.moderators. With iRedAPD-1.4.5, it's ok to use *@domain.com as (one of) the moderators to cover all users under mail domain 'domain.com'.
membersAndModeratorsOnly: only members and moderators of this mail list are allowed.
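
The policy descriptions above, written out as a decision function. This is an added illustration and not iRedAPD's own code; the function names and the sample row (including its moderators value) are constructed for the example.

```python
def _domain(addr):
    return addr.rsplit("@", 1)[1].lower()

def _listed(sender, entries, wildcard=False):
    """True if sender is in entries; optionally honour '*@domain' entries."""
    sender = sender.lower()
    wanted = {sender, "*@" + _domain(sender)} if wildcard else {sender}
    return any(e.strip().lower() in wanted for e in entries)

def sender_allowed(policy, sender, row):
    """Model of the policy descriptions above for one vmail.alias row."""
    members = (row["goto"] or "").split(",")
    moderators = (row["moderators"] or "").split(",")
    s_dom, l_dom = _domain(sender), _domain(row["address"])
    is_member = _listed(sender, members)
    is_moderator = _listed(sender, moderators, wildcard=True)
    if policy == "public":
        return True
    if policy == "domain":
        return s_dom == l_dom
    if policy == "subdomain":
        return s_dom == l_dom or s_dom.endswith("." + l_dom)
    if policy == "membersOnly":
        return is_member
    if policy == "allowedOnly":
        return is_moderator
    if policy == "membersAndModeratorsOnly":
        return is_member or is_moderator
    # Unrecognised string (for example a misspelt value in the column):
    # this model denies; what iRedAPD itself does is not stated on the page.
    return False

# Constructed row shaped like the sales@testforme.com list above.
SALES = {
    "address": "sales@testforme.com",
    "goto": "tim@testforme.com,bill@microsoft.com,john@google.com",
    "moderators": "*@testforme.com",
}

if __name__ == "__main__":
    for policy in ("public", "domain", "membersOnly", "allowedOnly"):
        for who in ("ann@testforme.com", "bill@microsoft.com"):
            print(policy, who, sender_allowed(policy, who, SALES))
```

With 'public', as used in the INSERT statements above, any sender on the internet can reach every member of the list; the other policies narrow that to the domain, the members or the moderators.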

Send from an Alias

The only way I have been able to send from an alias address is to use the Roundcube webmail interface. Go into settings and create a new identity. Creating a new identity that does not exist in vmail.alias will cause an error when sending the email.
Using Outlook and EAS always sends from the primary email address of the logged-in account.

vi /opt/iredapd/libs/default_settings.py
ALLOWED_LOGIN_MISMATCH_SENDERS = ['email1@thisdomain.net','email2@thatdomain.com']
service iredapd restart

SSL Certificates

I'm not going into specific details here. I use StartSSL certificates as they are free for private use.
Note: I have noticed that if you try going to your web server and you get a blank page, this occurs when the server name does not match the certificate name or SAN on the certificate.

Certificate path location.

/etc/pki/tls/certs/
openssl req -newkey rsa:2048 -nodes -keyout /etc/pki/tls/certs/sogo.key -out /etc/pki/tls/certs/sogo.csr
vi /etc/httpd/conf.d/ssl.conf
SSLCertificateFile /etc/pki/tls/certs/2_mail.myserver.com.crt
SSLCertificateKeyFile /etc/pki/tls/certs/sogo.key
SSLCACertificateFile /etc/pki/tls/certs/1_root_bundle.crt

Force SSL

To redirect all HTTP traffic to use SSL.

vi /etc/httpd/conf.d/ssl.conf

Add the following lines to the bottom of the file before the close of </VirtualHost>

RequestHeader set "x-webobjects-server-port" "443"
RequestHeader set "x-webobjects-server-name" "mail.myserver.com"
RequestHeader set "x-webobjects-server-url" "https://mail.myserver.com"

AWStats

iRedMail uses SHA512 password hashes and Apache is unable to read these passwords. You will need to use an MD5 password for Apache to read the password. Rather than changing the password, I decided to create a new account specifically for AWStats. Looking at the AWStats configuration file, it is looking for a user that has global domain rights. Based on this information I created a new user within the SQL database.

Create an MD5 password.

doveadm pw -s 'MD5' -p 'ThisisMyPassword' | awk -F'{MD5}' '{print $2}' 

Copy the MD5 password and use in the next commands.

Enter the SQL CLI

mysql -pMyLongandComplexSQLPassword vmail

Create a new user for AWStats. Username awstats with password from previous MD5 hash.

insert into mailbox (username, password, name, isglobaladmin, created) values ('awstats', '$1$xDPIzoZn$TKtQTV0qig0G7L.EoY2ay1', 'AWStats User', 1, now());

Change the password for user awstats

update mailbox set modified=now(), password='$1$3b.qn8Vu$FDI/.rO9YrCFDQsmC11GE.' where username='awstats';

Delete awstats user

delete from mailbox where username='awstats';

Display all Global Admins

select username, password, name from mailbox where isglobaladmin=1;
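
A check that can be run over the output of the global admin query above, since the AWStats account is a global admin stored with an MD5 hash. This is an added example, not part of iRedMail; the rows are constructed with placeholder hashes, and the set of schemes treated as weak is an assumption to adjust to local policy.

```python
import re

# Schemes this audit treats as weak (an assumption; adjust to local policy).
WEAK = {"MD5-CRYPT", "PLAIN", "CLEARTEXT", "PLAIN-MD5"}
# crypt(3) "$id$" prefixes mapped to Dovecot scheme names.
CRYPT_IDS = {"1": "MD5-CRYPT", "2a": "BLF-CRYPT", "2y": "BLF-CRYPT",
             "5": "SHA256-CRYPT", "6": "SHA512-CRYPT"}

def scheme_of(stored):
    """Name the scheme of a stored hash from its {SCHEME} or $id$ prefix."""
    m = re.match(r"\{([A-Za-z0-9-]+)\}", stored)
    if m and m.group(1).upper() != "CRYPT":
        name = m.group(1).upper()
        # Dovecot's "MD5" scheme produces MD5-CRYPT ($1$...) hashes.
        return "MD5-CRYPT" if name == "MD5" else name
    body = stored[m.end():] if m else stored
    m = re.match(r"\$([0-9a-z]+)\$", body)
    return CRYPT_IDS.get(m.group(1), "UNKNOWN") if m else "UNKNOWN"

def audit_admins(rows):
    """Return [(username, scheme)] for global admins with a weak or unknown scheme."""
    findings = []
    for row in rows:
        if row["isglobaladmin"] != 1:
            continue
        scheme = scheme_of(row["password"])
        if scheme in WEAK or scheme == "UNKNOWN":
            findings.append((row["username"], scheme))
    return findings

# Constructed rows shaped like the mailbox table; hashes are placeholders.
ROWS = [
    {"username": "postmaster@testforme.com",
     "password": "{SSHA512}PLACEHOLDER", "isglobaladmin": 1},
    {"username": "awstats",
     "password": "$1$SALTSALT$PLACEHOLDERHASH", "isglobaladmin": 1},
    {"username": "tim@testforme.com",
     "password": "$1$SALTSALT$PLACEHOLDERHASH", "isglobaladmin": 0},
]

if __name__ == "__main__":
    for user, scheme in audit_admins(ROWS):
        print(f"global admin {user} uses {scheme}")
```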