Install/iRedMail/FreeBSD/Jail
Disclaimer
Please don't publish this article on pages other than iRedMail without my agreement :) It's a beta version of the tutorial; if you find errors, please report them on the forum or edit the wiki.
Chapter 0: Before You start
Our specification
- Domain: Mail.example.com
- Network Interface (which is connected to internet): em0
- Host IP (public IP): 188.256.256.256
- Jail IP (private IP): 192.168.1.1
- OS: FreeBSD 8.1
- Ports tree from: 10-11-2010
What You must know about jail
Before installing, read the FreeBSD Handbook and Wiki:
System requirements
- pf (firewall) compiled into the kernel. If you don't have pf, add these lines to your kernel configuration:
| File: |
device pf
options ALTQ
options ALTQ_CBQ # Class Based Queuing (CBQ)
options ALTQ_RED # Random Early Detection (RED)
options ALTQ_RIO # RED In/Out
options ALTQ_HFSC # Hierarchical Packet Scheduler (HFSC)
options ALTQ_PRIQ # Priority Queuing (PRIQ)
options ALTQ_NOPCC # Required for SMP build
|
You can read more about kernel configuration, building and installation here: http://www.freebsd.org/doc/handbook/kernelconfig-building.html
- ezjail installed.
- A jail environment created; read this tutorial: http://www.cyberciti.biz/faq/howto-setup-freebsd-jail-with-ezjail
Don't forget to enter the correct jail IP (192.168.1.1) and the correct hostname (mail.example.com) when creating the jail.
Chapter 1: Setup network
1. We start with the network settings on the host (not the jail). Edit rc.conf with the command:
| Terminal: |
# ee /etc/rc.conf |
2. Add the lines that are missing from your rc.conf:
| File: rc.conf |
# Network Interface settings
ifconfig_em0="inet 188.256.256.256 netmask 255.255.255.0" # Main host - connected to the Internet
ifconfig_em0_alias0="inet 192.168.1.1 netmask 255.255.255.255" # Our jail for iRedMail
ifconfig_em0_alias1="inet 192.168.1.2 netmask 255.255.255.255" # Other jail; delete this line if you don't run more jails
ifconfig_em0_alias2="inet 192.168.1.3 netmask 255.255.255.255" # Another jail; delete this line if you don't run more jails
gateway_enable="YES"
# Enable the ezjail and pf services at system start
ezjail_enable="YES"
pf_enable="YES"
pf_rules="/etc/pf.conf"
|
The lines:
| File: |
ifconfig_em0_alias1="inet 192.168.1.2 netmask 255.255.255.255" # Other jail; delete this line if you don't run more jails
ifconfig_em0_alias2="inet 192.168.1.3 netmask 255.255.255.255" # Another jail; delete this line if you don't run more jails
|
are not needed if you don't have two or three jails. You can comment them out or delete them.
3. Reboot the machine or enter this command:
| Terminal: |
# ifconfig em0 inet 192.168.1.1 netmask 255.255.255.255 alias |
4. Check the settings with the command:
| Terminal: |
# ifconfig
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC>
ether 00:25:90:12:37:a0
inet 188.256.256.256 netmask 0xffffff00 broadcast 188.256.256.255
inet 192.168.1.1 netmask 0xffffffff broadcast 192.168.1.1
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
em1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC>
ether 00:25:90:12:37:a1
media: Ethernet autoselect
status: no carrier
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=3<RXCSUM,TXCSUM>
inet 127.0.0.1 netmask 0xff000000
|
5. Set up the pf rules. If you don't have an /etc/pf.conf file, create it with the command: [code]touch /etc/pf.conf[/code]
Now edit the pf.conf file: [code]ee /etc/pf.conf[/code]
6. Add these lines to your pf.conf:
[code]
# Port forwarding. Uncomment the services you will be using.
rdr pass on em0 proto tcp from any to em0 port 80 -> 192.168.1.1 port 80 # Apache (Roundcube, phpMyAdmin, PostfixAdmin)
rdr pass on em0 proto tcp from any to em0 port 443 -> 192.168.1.1 port 443 # Apache SSL (Roundcube, phpMyAdmin, PostfixAdmin)
rdr pass on em0 proto tcp from any to em0 port 25 -> 192.168.1.1 port 25 # SMTP
rdr pass on em0 proto tcp from any to em0 port 587 -> 192.168.1.1 port 587 # SMTP SSL, Submission
rdr pass on em0 proto tcp from any to em0 port 110 -> 192.168.1.1 port 110 # POP3
rdr pass on em0 proto tcp from any to em0 port 995 -> 192.168.1.1 port 995 # POP3 SSL
# rdr pass on em0 proto tcp from any to em0 port 143 -> 192.168.1.1 port 143 # IMAP
# rdr pass on em0 proto tcp from any to em0 port 993 -> 192.168.1.1 port 993 # IMAP SSL
# NAT
nat on em0 from 192.168.1.0/24 to any -> 188.256.256.256
[/code]
7. Start/restart pf with the command: [code]/etc/rc.d/pf restart[/code]
8. Edit the jail's rc.conf file with the command: [code]ee /path/to/your/jail/etc/rc.conf[/code] The path to your jail is the one you set when installing the jail with ezjail.
9. Make these changes in the jail's rc.conf file:
[code]
# Network settings
defaultrouter="188.256.256.256"
early_late_divider="NETWORKING"
ifconfig_em0="inet 192.168.1.1 netmask 255.255.255.255 alias"
hostname="mail.example.com"
[/code]
10. Restart the iRedMail jail with the command: [code]/usr/local/etc/rc.d/ezjail restart mail.example.com[/code]
11. Test the network connection. First you must connect to the jail. List the jails installed on your machine with the command: [code]jls[/code] Results:
[code]
JID IP Address Hostname Path
2 192.168.1.1 mail.example.com /home/jails/mail.example.com
3 192.168.1.3 dupa.com /home/jails/dupa.com
6 192.168.1.2 duza-dupa.com /home/jails/duza-dupa.com
[/code]
The iRedMail jail has JID 2, so we run the command: [code]jexec 2 csh[/code]
12. Test the connection from inside the jail by pinging the host FreeBSD.org and the IP address of this host (in case DNS is not working) with the commands: [code]ping 69.147.83.40[/code] Results:
[code]
PING 69.147.83.40 (69.147.83.40): 56 data bytes
64 bytes from 69.147.83.40: icmp_seq=0 ttl=54 time=151.446 ms
64 bytes from 69.147.83.40: icmp_seq=1 ttl=54 time=148.320 ms
64 bytes from 69.147.83.40: icmp_seq=2 ttl=54 time=148.181 ms
--- 69.147.83.40 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 148.181/149.316/151.446/1.507 ms
[/code]
The network is working. Now we check our DNS with the command: [code]ping freebsd.org[/code]
Results:
[code]
PING freebsd.org (69.147.83.40): 56 data bytes
64 bytes from 69.147.83.40: icmp_seq=0 ttl=54 time=150.721 ms
64 bytes from 69.147.83.40: icmp_seq=1 ttl=54 time=149.631 ms
64 bytes from 69.147.83.40: icmp_seq=2 ttl=54 time=152.862 ms
--- freebsd.org ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 149.631/151.071/152.862/1.342 ms
[/code]
Everything is working. Now we leave the jail with the command: [code]exit[/code] Results:
[code]
mail# exit
exit
#
[/code]
If everything is okay you can go to the next chapter; if not, set up your network correctly.
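To confirm that the pf.conf from step 6 forwards only the services you intend to expose, and only to the iRedMail jail, the rdr rules can be audited before pf is restarted. This is an added example, not part of the original tutorial; the sample rules, the allow-list and the function names are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original page: audit rdr rules in a pf.conf.

# Constructed sample modelled on the rules in step 6; the 993 rule deliberately
# points at the wrong jail and port 110 is not on the allow-list used below.
sample_pf_conf() {
cat <<'EOF'
rdr pass on em0 proto tcp from any to em0 port 25 -> 192.168.1.1 port 25     # SMTP
rdr pass on em0 proto tcp from any to em0 port 110 -> 192.168.1.1 port 110   # POP3
# rdr pass on em0 proto tcp from any to em0 port 143 -> 192.168.1.1 port 143 # IMAP
rdr pass on em0 proto tcp from any to em0 port 993 -> 192.168.1.2 port 993   # IMAP SSL
nat on em0 from 192.168.1.0/24 to any -> 188.256.256.256
EOF
}

# Print "external_port target_ip target_port" for each active rdr rule.
pf_forwards() {
    awk '
        { sub(/#.*/, "") }                  # drop comments and disabled rules
        $1 == "rdr" {
            ext = ""; ip = ""; tport = ""
            for (i = 2; i <= NF; i++) {
                if ($i == "port" && ip == "") ext = $(i + 1)    # before "->"
                else if ($i == "port")        tport = $(i + 1)  # after "->"
                else if ($i == "->")          ip = $(i + 1)
            }
            print ext, ip, (tport == "" ? ext : tport)
        }' "$1"
}

# Print the forwards whose external port is not in the allow-list ($2,
# space-separated) or whose target is not the expected jail IP ($3).
pf_unexpected() {
    pf_forwards "$1" | awk -v allow="$2" -v jail="$3" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        !($1 in ok) || $2 != jail'
}

# Run on the constructed sample; on the host, pass /etc/pf.conf instead.
tmp=$(mktemp)
sample_pf_conf > "$tmp"
pf_unexpected "$tmp" "25 587 993 443" "192.168.1.1"
rm -f "$tmp"
```

Every line this prints is a forward to review before restarting pf. `pfctl -nf /etc/pf.conf` additionally parses the file without loading the rules.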
Chapter 2: Installing iRedMail in jail
1. List the jails and enter the correct one with the commands:
| Terminal: |
# jls
JID IP Address Hostname Path
2 192.168.1.1 mail.example.com /home/jails/mail.example.com
3 192.168.1.3 dupa.com /home/jails/dupa.com
6 192.168.1.2 duza-dupa.com /home/jails/duza-dupa.com
|
The iRedMail jail has JID 2, so we run the command:
| Terminal: |
# jexec 2 csh
mail#
|
2. Install the bash shell with the command:
| Terminal: |
# cd /usr/ports/shells/bash && make install clean |
Run bash with the command:
| Terminal: |
# /usr/local/bin/bash |
3. Download and unpack iRedMail (use the link to the current stable version) with the commands:
| Terminal: |
# cd /root
# fetch http://iredmail.googlecode.com/files/iRedMail-0.6.1.tar.bz2
# tar xjvf iRedMail-0.6.1.tar.bz2
|
4. Start the installation script with the commands:
| Terminal: |
# cd iRedMail-0.6.1/pkgs/
# bash get_all.sh
# cd ..
# bash iRedMail.sh
|
5. Configure and install iRedMail following the tutorial: http://code.google.com/p/iredmail/wiki/Installation_on_FreeBSD
I had some errors compiling postfix26 on FreeBSD 8.1:
| Terminal: |
[src/util]
cc -DDEF_CONFIG_DIR=\"/usr/local/etc/postfix\" -DDEF_DAEMON_DIR=\"/usr/local/libexec/postfix\" -DDEF_COMMAND_DIR=\"/usr/local/sbin\" -DDEF_SENDMAIL_PATH=\"/usr/local/sbin/sendmail\" -DDEF_NEWALIAS_PATH=\"/usr/local/bin/newaliases\" -DDEF_MAILQ_PATH=\"/usr/local/bin/mailq\" -DDEF_MANPAGE_DIR=\"/usr/local/man\" -DDEF_README_DIR=\"/usr/local/share/doc/postfix\" -DDEF_HTML_DIR=\"/usr/local/share/doc/postfix\" -DDEF_QUEUE_DIR=\"/var/spool/postfix\" -DDEF_DATA_DIR=\"/var/db/postfix\" -DDEF_MAIL_OWNER=\"postfix\" -DDEF_SGID_GROUP=\"maildrop\" -DHAS_PCRE -I/usr/local/include -DUSE_SASL_AUTH -DDEF_SERVER_SASL_TYPE=\"dovecot\" -DUSE_TLS -I/usr/include -I/usr/local/include/db46 -DHAS_MYSQL -I/usr/local/include/mysql -DHAS_LDAP -I/usr/local/include -DHAS_CDB -I/usr/local/include NO -O2 -fno-strict-aliasing -pipe -DLDAP_DEPRECATED -I. -DFREEBSD8 -c alldig.c
cc: NO: No such file or directory
*** Error code 1
Stop in /var/ports/basejail/usr/ports/mail/postfix26/work/postfix-2.6.7/src/util.
*** Error code 1
Stop in /var/ports/basejail/usr/ports/mail/postfix26/work/postfix-2.6.7.
*** Error code 1
Stop in /basejail/usr/ports/mail/postfix26.
*** Error code 1
Stop in /basejail/usr/ports/mail/postfix26.
|
But it's easy to fix; run the command:
| Terminal: |
# cd /usr/ports/mail/postfix26 && make clean && make install clean
- ===> Installing for postfix-2.6.7,1
===> postfix-2.6.7,1 depends on executable: dovecot - found
===> postfix-2.6.7,1 depends on shared library: pcre.0 - found
===> postfix-2.6.7,1 depends on shared library: ldap-2.4.7 - found
===> postfix-2.6.7,1 depends on shared library: mysqlclient.15 - found
===> postfix-2.6.7,1 depends on shared library: db-4.6.0 - found
===> Generating temporary packing list
===> Checking if mail/postfix26 already installed
Added group "postfix".
Added group "maildrop".
Added user "postfix".
You need user "postfix" added to group "mail".
Would you like me to add it [y]?
|
Press the "y" key and wait for the next question:
[code]
- install -o root -g wheel -m 555 /var/ports/basejail/usr/ports/mail/postfix26/work/postfix-2.6.7/auxiliary/rmail/rmail /usr/local/bin/rmail
install -o root -g wheel -m 555 /var/ports/basejail/usr/ports/mail/postfix26/work/postfix-2.6.7/auxiliary/qshape/qshape.pl /usr/local/bin/qshape
install -o root -g wheel -m 444 /var/ports/basejail/usr/ports/mail/postfix26/work/postfix-2.6.7/man/man1/qshape.1 /usr/local/man/man1
Would you like to activate Postfix in /etc/mail/mailer.conf [n]?
[/code]
Press the "y" key and wait for the postfix installation to finish. The next step is to edit the .iRedMail.installation.status file with the command: [code]ee /root/iRedMail-0.6.1/.iRedMail.installation.status[/code]
Add the line below at the end of the file: [code]export status_install_port_mailpostfix26='DONE'[/code]
Start the installation script again: [code]bash /root/iRedMail-0.6.1/iRedMail.sh[/code]
6. When the installation has finished, don't start postfix:
| Terminal: |
*************************************************************************
* iRedMail-0.6.1 installation and configuration complete.
*************************************************************************
< Question > Would you like to start postfix now? [y|N]
|
Press the "n" key on your keyboard.
7. Edit the apache22/Includes/phpmyadmin.conf file with the command:
| Terminal: |
# ee /usr/local/etc/apache22/Includes/phpmyadmin.conf |
Uncomment the lines:
| Terminal: |
Alias /phpmyadmin "/usr/local/www/phpMyAdmin"
Alias /mysql "/usr/local/www/phpMyAdmin"
|
8. Start apache22 and mysql-server with the commands:
| Terminal: |
# /usr/local/etc/rc.d/apache22 start
# /usr/local/etc/rc.d/mysql-server start
|
9. Open phpMyAdmin in a web browser at the URL http://mail.example.com/mysql and log in.
10. Go to MySQL Permissions (I don't have the English version, so I don't know what it's called) and add IP 192.168.1.1 to user 'vmail'.
11. Edit the postfix26/master.cf file with the command:
| Terminal: |
# ee /usr/local/etc/postfix26/master.cf |
Change one line to use the jail IP:
| Terminal: |
-o mynetworks=192.168.1.1 |
12. Edit amavisd.conf with the command:
| Terminal: |
# ee /usr/local/etc/amavisd.conf |
Add this line:
| File: amavisd.conf |
@inet_acl = qw( 192.168.1.1 ); |
13. If you want to use awstats, edit awstats.conf:
| Terminal: |
# ee /usr/local/etc/apache22/Includes/awstats.conf |
You must make some changes (the installation script has errors) in the first lines:
| File: |
# Note: Please refer to /usr/local/etc/apache22/extra/httpd-ssl.conf for SSL/TLS setting.
Alias /awstatsicons /usr/local/www/awstats/icons/
Alias /css /usr/local/www/awstats/css/
Alias /js /usr/local/www/awstats/js/
ScriptAlias /awstats /usr/local/www/awstats/cgi-bin/awstats.pl
<Directory /usr/local/www/awstats/cgi-bin/>
DirectoryIndex awstats.pl
Options ExecCGI
order deny,allow
allow from all
#allow from 127.0.0.1
AuthName "Authorization Required"
AuthType Basic
|
Now open http://mail.example.com/awstats in a web browser; it should work.
Chapter 3: Moving iRedMail to jail
First install iRedMail as described in Chapters 1 and 2. Next, update only what you need.
[b]What must you update?[/b]
1. Copy the old vmail dir to the new vmail dir in the jail.
2. Check the permissions in the vmail dir (/var/mail for me):
[code]
ls -l /var/vmail/
total 4
drwx------ 4 vmail vmail 512 Nov 12 22:18 sieve
drwx------ 10 vmail vmail 512 Nov 9 16:06 vmail1
[/code]
If the owner is not vmail:vmail, set it with the command: [code]# chown -R vmail:vmail /var/vmail[/code]
3. Export the tables of the vmail database from the old MySQL and import them into the new one. If you are changing the vmail dir, run this command in phpMyAdmin: [code]UPDATE mailbox SET storagebasedirectory='/var/vmail' WHERE storagebasedirectory='/home/vmail';[/code]
/var/vmail - my new vmail dir
/home/vmail - my old vmail dir
