Installing iRedMail Mail Server on CentOS 7

  • Disable SELinux
    vi /etc/selinux/config
    :
    SELINUX=disabled
  • Configure /etc/sysconfig/network
    HOSTNAME=iredmail.ichiayi.com
  • Configure /etc/hosts
    127.0.0.1   iredmail.ichiayi.com iredmail localhost localhost.localdomain
  • Configure /etc/hostname
    iredmail.ichiayi.com
  • Reboot
    sync;sync;sync;reboot
su - root
yum install wget bzip2
cd /root/
wget https://bitbucket.org/zhb/iredmail/downloads/iRedMail-0.9.9.tar.bz2
tar xjf iRedMail-0.9.9.tar.bz2
cd /root/iRedMail-0.9.9/
bash iRedMail.sh
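  • After the installation finishes and the final update of the antivirus signature file daily.cld completes, reboot so that all services start correctly
    sync;sync;sync;reboot
  • If the installer keeps reporting an /etc/hosts configuration error, first run
    hostname -f

    and check that it prints a proper FQDN, e.g. iredmail.ichiayi.com

  • If installing in a data center in China, iredmail.org is blocked by the GFW, so use the following command instead
    IREDMAIL_EPEL_MIRROR='http://mirrors.aliyun.com/epel' \
    IREDMAIL_MIRROR='https://dl.iredmail.org' bash iRedMail.sh
  • After installation, important information is written to the file /root/iRedMail-0.9.8/iRedMail.tips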
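    • Obtain a free Let's Encrypt SSL certificate; see: Requesting and configuring a free Let's Encrypt SSL certificate (CentOS + Apache/Nginx)
      • E.g. the issued certificate is stored in /etc/letsencrypt/live/mail.ichiayi.com/
    • Configure Postfix (SMTP server): commands to run
    • Configure Dovecot (POP3/IMAP server): reference configuration
    • Configure WebMail (nginx): reference commands
    • Verify that the configured SSL certificate is actually in use
      • IMAP: command to run
      • POP3: command to run
      • SMTP: command to run
      • Web: command to run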
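One way to carry out the verification listed above, given here as an added example and not as the page's own commands: compare the SHA-256 fingerprint each service presents with the certificate file on disk. The default ports, the certbot file name cert.pem and all function names are assumptions.

```sh
#!/bin/sh
# Added example: confirm every service presents the certificate stored on disk.
HOST=mail.ichiayi.com                        # host name used on the page
CERT=/etc/letsencrypt/live/$HOST/cert.pem    # assumption: certbot's default file name

# openssl s_client arguments per service (protocol default ports, an assumption).
tls_args() {
    case "$1" in
        imap) echo "-connect $HOST:993" ;;
        pop3) echo "-connect $HOST:995" ;;
        smtp) echo "-starttls smtp -connect $HOST:587" ;;
        web)  echo "-connect $HOST:443" ;;
        *)    return 1 ;;
    esac
}

# SHA-256 fingerprint of the first PEM certificate read from stdin.
fp() { openssl x509 -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2; }

# Fingerprint of the certificate a service presents on the wire.
served_fp() {
    # Word splitting of the argument string is intended here.
    openssl s_client -servername "$HOST" $(tls_args "$1") </dev/null 2>/dev/null | fp
}

# Compare all four services with the file on disk.
# Returns 0 if all match, 1 if any differs, 2 if the local file is unusable.
check_all() {
    [ -r "$CERT" ] || return 2
    want=$(fp < "$CERT")
    [ -n "$want" ] || return 2
    rc=0
    for svc in imap pop3 smtp web; do
        got=$(served_fp "$svc")
        if [ "$got" = "$want" ]; then
            echo "$svc: OK"
        else
            echo "$svc: MISMATCH (served: ${got:-none})"; rc=1
        fi
    done
    return $rc
}
```

Run check_all after each certificate renewal; a MISMATCH usually means the service was not reloaded or still points at the old file.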
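  • If the SSL certificate and the Mail Server are on different hosts, the certificate can be synchronized across hosts with rsync after each renewal
  • E.g. if the SSL certificate is stored on host 192.168.11.234, run the following sync command on the Mail Server:
  • Mail is moved from the old Mail Server to the new Mail Server over the IMAP protocol of both servers
  • Install imapsync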
    yum install imapsync
  • To migrate jonathan's mail, you need jonathan's password on both the old and the new host; write the password to the file /root/sync_info/jonathan, then run the following command
    imapsync --host1 mail.ichiayi.com --user1 jonathan --passfile1 /root/sync_info/jonathan --host2 192.168.11.236 --user2 jonathan --passfile2 /root/sync_info/jonathan
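  • After the run, a LOG_imapsync directory is created under the working directory, containing log files of the run, e.g. 2018_09_07_11_35_30_testalbert.txt
  • Entries marked Err in the log file indicate mail folders that failed during synchronization and need to be handled separately, e.g.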
    Err 1/2: Could not create folder [from Albert/&ZbBbomI2--Data/INDIA/ABC.] from [from Albert/&ZbBbomI2--Data/INDIA/ABC.]: 38252 NO [CANNOT] Character not allowed in mailbox name: '.' (0.001 + 0.000 secs).
    :
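An added example, not part of the original page, for the imapsync steps above: it refuses to run when the password file is readable by group or others, and lists the folders that the Err lines in the logs report as not created. Hosts and paths are the page's; the function names are hypothetical.

```sh
#!/bin/sh
# Added example: guard the imapsync passfile and triage the run logs.
HOST1=mail.ichiayi.com      # old server, from the page
HOST2=192.168.11.236        # new server, from the page
PASSDIR=/root/sync_info     # passfile directory, from the page

# Succeed only if the passfile exists and grants nothing to group/other.
passfile_safe() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Migrate one user; refuse to run with a passfile others can read.
migrate_user() {
    pf="$PASSDIR/$1"
    passfile_safe "$pf" || { echo "$pf: missing or too permissive (chmod 600)" >&2; return 1; }
    imapsync --host1 "$HOST1" --user1 "$1" --passfile1 "$pf" \
             --host2 "$HOST2" --user2 "$1" --passfile2 "$pf"
}

# List each folder imapsync could not create, once, from one log file.
failed_folders() {
    sed -n 's|^ *Err [0-9]*/[0-9]*: Could not create folder \[\(.*\)] from \[.*|\1|p' "$1" | sort -u
}

# Print "logfile: N folder(s) failed" for every log with such errors.
summarize_logs() {
    for log in "${1:-LOG_imapsync}"/*.txt; do
        [ -f "$log" ] || continue
        n=$(failed_folders "$log" | wc -l | tr -d ' ')
        [ "$n" -gt 0 ] && echo "$log: $n folder(s) failed"
    done
    return 0
}
```

Call migrate_user jonathan, then summarize_logs from the same working directory.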
  1. Upgrade iRedAPD → 5.0.2 - https://docs.iredmail.org/upgrade.iredapd.html
    su - root
    mkdir -p 0.9.9
    cd 0.9.9
    wget -O iRedAPD-5.0.2.tar.gz https://github.com/iredmail/iRedAPD/archive/5.0.2.tar.gz
    tar zxf iRedAPD-5.0.2.tar.gz
    cd iRedAPD-5.0.2/tools/
    bash upgrade_iredapd.sh

    Check the upgrade log

    tail -500 /var/log/iredapd/iredapd.log
  2. Upgrade iRedAdmin → 1.3 - https://docs.iredmail.org/migrate.or.upgrade.iredadmin.html
    cd /root/0.9.9
    wget https://dl.iredmail.org/yum/misc/iRedAdmin-1.3.tar.gz
    tar zxvf iRedAdmin-1.3.tar.gz
    cd iRedAdmin-1.3/tools/
    bash upgrade_iredadmin.sh
  3. Upgrade mlmmjadmin → 3.1.2 - https://docs.iredmail.org/upgrade.mlmmjadmin.html
    cd /root/0.9.9
    wget https://github.com/iredmail/mlmmjadmin/archive/3.1.2.tar.gz
    tar zxf 3.1.2.tar.gz
    cd mlmmjadmin-3.1.2/tools/
    bash upgrade_mlmmjadmin.sh
  4. Upgrade Roundcube webmail → 1.4.11 - https://github.com/roundcube/roundcubemail/wiki/Upgrade
    cd /root/0.9.9
    wget https://github.com/roundcube/roundcubemail/releases/download/1.4.11/roundcubemail-1.4.11-complete.tar.gz
    tar xf roundcubemail-*.tar.gz
    cd roundcubemail-*
    bin/installto.sh /var/www/roundcubemail

    If /bin/installto.sh cannot be run, check whether use of the system command has been disabled in /etc/php.ini

  5. Upgrade netdata → 1.12.0 - https://docs.iredmail.org/upgrade.netdata.html
    wget https://github.com/netdata/netdata/releases/download/v1.12.0/netdata-v1.12.0.gz.run
    chmod +x netdata-*.gz.run
    ./netdata-*.gz.run --accept
  6. Fix improper Nginx config files for Roundcube
    vi /etc/nginx/templates/roundcube.tmpl
    :
    location ~ ^/mail/(bin|config|installer|logs|SQL|temp|vendor)($|/.*) { deny all; }
    :
    location ~ ^/mail/(CHANGELOG|composer.json|INSTALL|jsdeps.json|LICENSE|README|UPGRADING)($|.*) { deny all; }
    :
    location ~ ^/mail/plugins/.*/config.inc.php.* { deny all; }
    :
    location ~ ^/mail/plugins/enigma/home($|/.*) { deny all; }
    :
    vi /etc/nginx/templates/roundcube-subdomain.tmpl
    :
    location ~ ^/(bin|config|installer|logs|SQL|temp|vendor)/.* { deny all; }
    :
    location ~ ^/(CHANGELOG|composer.json|INSTALL|jsdeps.json|LICENSE|README|UPGRADING)$ { deny all; }
    :
    location ~ ^/plugins/.*/config.inc.php.* { deny all; }
    :
    location ~ ^/plugins/enigma/home($|/.*) { deny all; }
    :
  7. Improve mlmmj script used for appending footer text
    cd /usr/bin/
    wget -O mlmmj-amime-receive https://raw.githubusercontent.com/iredmail/iRedMail/master/samples/mlmmj/mlmmj-amime-receive
    chown mlmmj:mlmmj mlmmj-amime-receive
    chmod 0550 mlmmj-amime-receive
  8. Fix address mapping issue for mlmmj mailing list
    vi /etc/amavisd/amavisd.conf
    :
    $policy_bank{'MLMMJ'} = {
        ...
        forward_method => 'smtp:[127.0.0.1]:10028',
    };
    :
    vi /etc/postfix/master.cf
    :
    127.0.0.1:10028 inet n  -   n   -   -  smtpd
        -o syslog_name=postfix/10028
        -o content_filter=
        -o mynetworks_style=host
        -o mynetworks=127.0.0.1
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o strict_rfc821_envelopes=yes
        -o smtp_tls_security_level=none
        -o smtpd_tls_security_level=none
        -o smtpd_restriction_classes=
        -o smtpd_delay_reject=no
        -o smtpd_client_restrictions=permit_mynetworks,reject
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o smtpd_end_of_data_restrictions=
        -o smtpd_error_sleep_time=0
        -o smtpd_soft_error_limit=1001
        -o smtpd_hard_error_limit=1000
        -o smtpd_client_connection_count_limit=0
        -o smtpd_client_connection_rate_limit=0
        -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
    
    systemctl restart postfix 
    systemctl restart amavisd 
  9. Fixed: SOGo backup script 1)
    cd /var/vmail/backup/
    wget -O backup_sogo.sh https://raw.githubusercontent.com/iredmail/iRedMail/master/tools/backup_sogo.sh
    chown root backup_sogo.sh
    chmod 0400 backup_sogo.sh
  10. MySQL/MariaDB special
    1. SQL structure changes in vmail database
      cd /root/0.9.9
      wget -O iredmail.mysql https://raw.githubusercontent.com/iredmail/iRedMail/master/update/0.9.9/iredmail.mysql
      mysql vmail < iredmail.mysql
    2. Dovecot: read mailbox format from SQL
      vi /etc/dovecot/dovecot-mysql.conf
      :
      user_query = SELECT \
                  ...
                  LOWER(CONCAT(mailbox.storagebasedirectory, '/', mailbox.storagenode, '/', mailbox.maildir)) AS home, \
                  CONCAT(mailbox.mailboxformat, ':~/', mailbox.mailboxfolder, '/') AS mail, \
                  ...
      :
      systemctl restart dovecot
  11. Update the contents of /etc/iredmail-release to 0.9.9
    vi /etc/iredmail-release
    0.9.9
    #0.9.8 MARIADB edition.
    :
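For step 6 of the upgrade above (the Nginx deny rules for Roundcube), an added example that is not part of the original page: it tests sample URIs against the patterns copied from the two templates, so an edit to the templates can be checked before reloading nginx. grep -E stands in for nginx's PCRE matching, which behaves the same for these particular patterns; the function names and sample URIs are constructed.

```sh
#!/bin/sh
# Added example: check which URIs the Roundcube deny rules cover.
# Patterns below are copied from the page's two templates.
MAIL_RULES='^/mail/(bin|config|installer|logs|SQL|temp|vendor)($|/.*)
^/mail/(CHANGELOG|composer.json|INSTALL|jsdeps.json|LICENSE|README|UPGRADING)($|.*)
^/mail/plugins/.*/config.inc.php.*
^/mail/plugins/enigma/home($|/.*)'
SUB_RULES='^/(bin|config|installer|logs|SQL|temp|vendor)/.*
^/(CHANGELOG|composer.json|INSTALL|jsdeps.json|LICENSE|README|UPGRADING)$
^/plugins/.*/config.inc.php.*
^/plugins/enigma/home($|/.*)'

# Succeed if any rule in the newline-separated list $1 matches URI $2.
denied() { printf '%s\n' "$2" | grep -Eq -e "$1"; }

# Print DENY or PASS for each URI against one rule set.
audit() {
    rules=$1; shift
    for uri in "$@"; do
        if denied "$rules" "$uri"; then
            echo "DENY $uri"
        else
            echo "PASS $uri"
        fi
    done
}

# After reloading nginx, confirm on the live server: "deny all" answers 403.
# $1 is the host name, $2 the URI.
live_status() { curl -s -o /dev/null -w '%{http_code}' "https://$1$2"; }
```

For example, audit "$MAIL_RULES" /mail/config/config.inc.php /mail/index.php prints one DENY line and one PASS line.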
  • This problem started appearing after 2020/08; the quick fix is to start the amavisd service
    systemctl start amavisd
    systemctl enable amavisd
  • An existing mailbox user can be made an administrator directly through the database, e.g. [email protected]
  • Log in to the iRedMail database

    mysql -u root -p
    USE vmail;
    select isadmin,isglobaladmin from mailbox where username = '[email protected]';
    UPDATE mailbox SET isadmin=1, isglobaladmin=1 WHERE  username = '[email protected]';
    INSERT INTO domain_admins (username, domain) VALUES ('[email protected]', 'ALL');

  • Detailed session

    mysql -u root -p
    MariaDB [(none)]> USE vmail;
    Reading table information for completion of table and column names
    You can turn off this feature to get a quicker startup with -A
    
    Database changed
    MariaDB [vmail]> select isadmin,isglobaladmin from mailbox where username = '[email protected]';
    +---------+---------------+
    | isadmin | isglobaladmin |
    +---------+---------------+
    |       0 |             0 |
    +---------+---------------+
    1 row in set (0.00 sec)
    
    MariaDB [vmail]> UPDATE mailbox SET isadmin=1, isglobaladmin=1 WHERE  username = '[email protected]';
    Query OK, 1 row affected (0.00 sec)
    Rows matched: 1  Changed: 1  Warnings: 0
    
    MariaDB [vmail]>  INSERT INTO domain_admins (username, domain) VALUES ('[email protected]', 'ALL');
    Query OK, 1 row affected (0.00 sec)
    MariaDB [vmail]> exit
    Bye

  • Log in to iRedAdmin with this account and password to manage the server through the web interface

1)
If the directory was changed during installation, e.g. /maildata/backup, run the commands in that directory instead
  • tech/iredmail.txt
  • Last modified: 2021/06/27 00:05
  • jonathan