From iRedMail

(Difference between revisions)

Jump to: navigation, search

Revision as of 05:40, 17 February 2013

Summary

This tutorial describes how to create a FreeBSD Jail with ezjail, and install the latest iRedMail in Jail.

We use hostname mx.example.com and IP address 172.16.122.244 for our Jail server.

Notes:

This tutorial was tested with FreeBSD 9 and the latest ports tree, but it should work on FreeBSD 8 and 10 too.
All backends available in iRedMail (OpenLDAP, MySQL, PostgreSQL) were tested, work like a charm. :)

Requirements

iRedMail-0.8.3 or later releases.
Port sysutils/ezjail for FreeBSD.

Preparation

Set a proper hostname and IP address for Jail server

We use hostname mx.example.com and internal IP address 172.16.122.244 for example. We created an alias IP address on network interface em0, so we have below setting in /etc/rc.conf for this IP address:

File: /etc/rc.conf

ifconfig_em0_alias0="inet 172.16.122.244 netmask 255.255.255.0"

# Settings for our Jail: mx.example.com.
jail_mx_example_com_hostname="mx.example.com"
jail_mx_example_com_ip="172.16.122.244'

Install sysutils/ezjail and add required settings

Install ezjail with ports tree:

Terminal:

# cd /usr/ports/sysutils/ezjail/
# make install clean

Enable Jail by adding below setting in /etc/rc.conf:

File: /etc/rc.conf

# Start ezjail while system start up
ezjail_enable="YES"

# Set security.jail.allow_raw_sockets=1 to allow PostgreSQL initial database.
jail_sysvipc_allow="YES"

[OPTIONAL] Allow to use ping command inside Jail by adding below line in /etc/sysctl.conf:

File: /etc/sysctl.conf

security.jail.allow_raw_sockets=1

Rebooting system is required after changing /etc/rc.conf.

Terminal:

# reboot

Create Jail

After system start up, create the base jail that all jails we created later will use:

Terminal:

# ezjail-admin install -p

create Jail for domain name mx.example.com, bound to internal IP address 172.16.122.244. All files are placed under /jails/mx.example.com:

Terminal:

# ezjail-admin create -r /jails/mx.example.com mx.example.com 172.16.122.244

Set hostname of Jail in /jails/mx.example.com/etc/rc.conf:

File: /jails/mx.example.com/etc/rc.conf

hostname="mx.example.com"

[OPTIONAL] Share /usr/ports/distfiles/ with Jail by adding below line in /etc/fstab.mx_example_com:
- NOTE: Jail will set ports tree to /var/ports instead of /usr/ports in /jails/mx.example.com/etc/make.conf, you can either use it or change it to /usr/ports.

File: /etc/fstab.mx_example.com

/usr/ports/distfiles /jails/mx.example.com/basejail/usr/ports/distfiles nullfs rw 0 0

Start Jail.

Terminal:

# /usr/local/etc/rc.d/ezjail restart

List all Jails:

Terminal:

# ezjail-admin list
STA JID  IP               Hostname                          Root Directory
--- ---- ---------------- --------------------------------- ------------------------
DS  1    172.16.122.244   mx.example.com                    /jails/mx.example.com

Install iRedMail

We can now enter this Jail:

Terminal:

# ezjail-admin console mx.example.com

In Jail, update /etc/resolv.conf with valid DNS server address(es). For example:

File: Jail: /etc/resolv.conf

nameserver 172.16.122.2

In Jail, install binary package bash. Required by iRedMail.

Terminal:

Jail # pkg_add -r bash-static

In Jail, Start iRedMail installer with your Jail ip address:

Terminal:

Jail # bash
bash # cd /root/iRedMail/
bash # LOCAL_ADDRESS='172.16.122.244' bash iRedMail.sh

That's all.

@@ Line 1: / Line 1: @@
 __TOC__
-----
-This is a DRAFT, still working in progress. Don't try it on production server.
-----
 = Summary =
 This tutorial describes how to create a FreeBSD Jail with ezjail, and install the latest iRedMail in Jail.
+We use hostname '''mx.example.com''' and IP address '''172.16.122.244''' for our Jail server.
 Notes:
@@ Line 13: / Line 11: @@
 * This tutorial was tested with FreeBSD 9 and the latest ports tree, but it should work on FreeBSD 8 and 10 too.
 * All backends available in iRedMail (OpenLDAP, MySQL, PostgreSQL) were tested, work like a charm. :)
 = Requirements =
-* iRedMail-0.8.2 or later releases.
+* iRedMail-0.8.3 or later releases.
 * Port '''sysutils/ezjail''' for FreeBSD.
 = Preparation =
-* Prepare IP address used for Jail. Here we use internal IP address '''172.16.122.244''' for example. We created an alias IP address on network interface '''em0''', so we have below setting in '''/etc/rc.conf''' for this IP address:
+== Set a proper hostname and IP address for Jail server ==
+We use hostname '''mx.example.com''' and internal IP address '''172.16.122.244'''  for example. We created an alias IP address on network interface '''em0''', so we have below setting in '''/etc/rc.conf''' for this IP address:
 {{cfg|/etc/rc.conf|<pre>
 ifconfig_em0_alias0="inet 172.16.122.244 netmask 255.255.255.0"
+# Settings for our Jail: mx.example.com.
+jail_mx_example_com_hostname="mx.example.com"
+jail_mx_example_com_ip="172.16.122.244'
 </pre>}}
-= Create Jail and install iRedMail=
+== Install sysutils/ezjail and add required settings ==
-* Install ezjail:
+* Install ezjail with ports tree:
 {{cmd|<pre>
 # cd /usr/ports/sysutils/ezjail/
@@ Line 34: / Line 36: @@
 </pre>}}
-* Add below setting in /etc/rc.conf:
+* Enable Jail by adding below setting in '''/etc/rc.conf''':
 {{cfg|/etc/rc.conf|<pre>
 # Start ezjail while system start up
@@ Line 41: / Line 43: @@
 # Set security.jail.allow_raw_sockets=1 to allow PostgreSQL initial database.
 jail_sysvipc_allow="YES"
+</pre>}}
+* [OPTIONAL] Allow to use '''ping''' command inside Jail by adding below line in '''/etc/sysctl.conf''':
+{{cfg|/etc/sysctl.conf|<pre>
+security.jail.allow_raw_sockets=1
 </pre>}}
 * Rebooting system is required after changing '''/etc/rc.conf'''.
 {{cmd|<pre># reboot</pre>}}
+= Create Jail =
 * After system start up, create the base jail that all jails we created later will use:
@@ Line 54: / Line 63: @@
 {{cmd|<pre>
 # ezjail-admin create -r /jails/mx.example.com mx.example.com 172.16.122.244
+</pre>}}
+* Set hostname of Jail in '''/jails/mx.example.com/etc/rc.conf''':
+{{cfg|/jails/mx.example.com/etc/rc.conf|<pre>
+hostname="mx.example.com"
+</pre>}}
+* [OPTIONAL] Share /usr/ports/distfiles/ with Jail by adding below line in '''/etc/fstab.mx_example_com''':
+** NOTE: Jail will set ports tree to '''/var/ports''' instead of '''/usr/ports''' in /jails/mx.example.com/etc/make.conf, you can either use it or change it to '''/usr/ports'''.
+{{cfg|/etc/fstab.mx_example.com|<pre>
+/usr/ports/distfiles /jails/mx.example.com/basejail/usr/ports/distfiles nullfs rw 0 0
 </pre>}}
@@ Line 64: / Line 84: @@
 {{cmd|<pre>
 # ezjail-admin list
-STA JID  IP              Hostname                               Root Directory
+STA JID  IP               Hostname                          Root Directory
---- ---- ----------------------- ------------------------------ ------------------------
+--- ---- ---------------- --------------------------------- ------------------------
-DS  N/A  172.16.122.244  mx.example.com                     /jails/mx.example.com
+DS  1    172.16.122.244   mx.example.com                    /jails/mx.example.com
 </pre>}}
+= Install iRedMail =
 We can now enter this Jail:
@@ Line 74: / Line 96: @@
 </pre>}}
-* In Jail, update /etc/resolv.conf with valid DNS server address(es). For example:
+* In Jail, update '''/etc/resolv.conf''' with valid DNS server address(es). For example:
 {{cfg|Jail: /etc/resolv.conf|<pre>
 nameserver 172.16.122.2
@@ Line 84: / Line 106: @@
 </pre>}}
-* Start iRedMail installer with your Jail ip address:
+* In Jail, Start iRedMail installer with your Jail ip address:
 {{cmd|<pre>
 Jail # bash

Install/iRedMail/FreeBSD.Jail

From iRedMail

Revision as of 05:40, 17 February 2013

Contents

Summary

Requirements

Preparation

Set a proper hostname and IP address for Jail server

Install sysutils/ezjail and add required settings

Create Jail

Install iRedMail

Views

Personal tools

Navigation

Search

Toolbox