Backup and restore


Check out the lightweight on-premises email archiving software developed by iRedMail team: Spider Email Archiver.


Backup mailboxes

All mailboxes are stored under /var/vmail/vmail1 by default, this path is configurable during iRedMail installation, so the real directory may be different on your server.

Mail messages are stored in Maildir format by default, that means one mail message is one plain text file (but mail body is encoded), you can backup mailboxes with tool like rsync or other backup tools.

After restored mailboxes, /var/vmail/vmail1 must be owned by user vmail, group vmail, permission 0700 on iRedMail server.

Backup mail accounts

iRedMail has daily cron job to backup mail accounts which are stored in SQL/LDAP database, you can run command below as root user to verify it:

crontab -l -u root

Sample output on an iRedMail server with OpenLDAP backend:

# iRedMail: Backup OpenLDAP data every day on 03:01 AM
1   3   *   *   *   /bin/bash /var/vmail/backup/

# iRedMail: Backup MySQL databases every day on 03:10 AM
10   3   *   *   *   /bin/bash /var/vmail/backup/


Backup additional data manually


How to restore SQL databases

You can simply restore plain SQL files backed up by above backup scripts.


If you're restoring on a NEW iRedMail server, do NOT restore the database which is named mysql exported from old server, it contains SQL usernames and passwords used in many components (e.g. Postfix, Dovecot, Roundcube webmail) on old server. New iRedMail server already has the same SQL accounts with different passwords, so please do not restore mysql database, otherwise almost all services won't work due to incorrect SQL credentials.

Let's take SQL database iredapd for example. Assume the backup file is /var/vmail/backup/mysql/2021/11/19/iredapd-2021-11-19-23-02-01.sql.bz2.

USE iredapd;
SOURCE /var/vmail/backup/mysql/2021/11/19/iredapd-2021-11-19-23-02-01.sql;

That's it.

You should restore other databases with same steps but different backup files. Again, do not restore the database named mysql.

After restored databases

If you're restoring from an old iRedMail release, you need to update SQL structure first.

For example, If you're restoring iRedMail from 0.9.1 to 0.9.5, you must check upgrade tutorials for iRedMail-0.9.1 and newer releases, then apply all SQL structure changes mentioned in the upgrade tutorials.

You can find all iRedMail upgrade tutorials here.


How to restore OpenLDAP backup


Backup script runs command slapcat to dump whole LDAP tree as a backup copy, it must be restored with command slapadd.

Below example shows how to restore a LDAP backup on RHEL/CentOS 6.x, files and directories may be different on other Linux/BSD distributions, you can find the correct ones in this tutorial: Locations of configuration and log files of major components.

# cd /var/vmail/backup/ldap/2015/05/
# bunzip2 2015-05-10-03:01:01.ldif.bz2
# ls -l 2015-05-10-03:01:01.ldif
-rw-r--r-- 1 root root 7352 May 10 03:01 2015-05-10-03:01:01.ldif

Below is sample copy in file

    * LDAP bind dn (read-only): cn=vmail,dc=example,dc=com, password: py2BQwM0zoRM5nciK68AlP8dyu2Mq6
    * LDAP admin dn (used for iRedAdmin): cn=vmailadmin,dc=example,dc=com, password: 9wr0mHeVYz2uaxSAGBLucVkOgYPSBB
# slappasswd -h '{ssha}' -s 'py2BQwM0zoRM5nciK68AlP8dyu2Mq6'    # <- cn=vmail's password

# slappasswd -h '{ssha}' -s '9wr0mHeVYz2uaxSAGBLucVkOgYPSBB'    # <- cn=vmailadmin's password

Below is a sample copy in 2015-05-10-03:01:01.ldif:

dn: cn=vmail,dc=iredmail,dc=org
userPassword:: e1NTSEF7F8AwbjVqeER1R1dXVmREN1RJU8NtdnFHN0hnekdWYzVHSG9iWEE9PQ=  # <- remove this line
 =                                                                              # <- remove this line

dn: cn=vmailadmin,dc=iredmail,dc=org
userPassword:: e1NTSEF9alZi8E12dS9FNllaMktteFh7YkZham1mM3Jqc21cdEFsZjJIeEE9PQ=  # <- remove this line
 =                                                                              # <- remove this line

Replace these two userPassword lines by the newly generated ssha passwords, save your change, exit your text editor.

dn: cn=vmail,dc=iredmail,dc=org
userPassword: {SSHA}eJEO2yGVryVw+mZ/Qd2HMSyrl6u9WDhd

dn: cn=vmailadmin,dc=iredmail,dc=org
userPassword: {SSHA}lWt6zjOOUq+2WUmiAea2FXLB4oHMYvIb

Important note: There's only ONE colon after userPassword string (userPassword:).

# systemctl stop slapd

About file DB_CONFIG

File DB_CONFIG is present if you're running bdb backend. But mdb backend doesn't need any config file for database, so you can ignore this file if you're running mdb backend.

# File: /etc/openldap/slapd.conf

database    bdb
suffix      dc=iredmail,dc=org
directory   /var/lib/ldap/

So you should remove all files under directory /var/lib/ldap/ except /var/lib/ldap/

# cd /var/lib/ldap/
# mv DB_CONFIG ~
# rm -rf /var/lib/ldap/*
# mv ~/DB_CONFIG .
# systemctl start slapd
# systemctl stop slapd
# slapadd -f /etc/openldap/slapd.conf -l /var/vmail/backup/ldap/2015/05/2015-05-10-03:01:01.ldif
# systemctl restart slapd
Stopping slapd:                                            [  OK  ]
/var/lib/ldap/ is not owned[WARNING]"
/var/lib/ldap/ is not owned by "[WARNING]
Checking configuration files for slapd:  config file testing succeeded
                                                           [  OK  ]
Starting slapd:                                            [  OK  ]

If you see above warning about improper file ownership, please set correct file owner on newly created db files immediately, then restart OpenLDAP service:

# chown ldap:ldap /var/lib/ldap/*
# systemctl restart slapd

If you're restoring LDAP data from an old iRedMail server, you should add missing LDAP attribute/values, which are introduced in newer iRedMail releases, by following step below: After LDAP Restore.

How to restore OpenBSD ldapd(8) backup

iRedMail-0.9.5 and later releases ships script /var/vmail/backup/ for daily backup. It backs up data with command ldapsearch (not slapcat - which is used for OpenLDAP), so you have to restore its data with command ldapadd.

rcctl stop ldapd
rcctl start ldapd
# ldapadd -x -D 'cn=Manager,dc=xx,dc=xx' -W -f /path/to/backup.ldif

If you're restoring LDAP data from an old iRedMail server, you should add missing LDAP attribute/values, which are introduced in newer iRedMail releases, by following step below: After LDAP Restore.

After LDAP restore

If you're restoring from an old iRedMail release, you need to add missing LDAP attribute/values, which are introduced in new iRedMail releases, by running Python scripts below:

For example:

Please open the file you need to run, for example,, find parameters like below:

uri = 'ldap://'
basedn = 'o=domains,dc=example,dc=com'
bind_dn = 'cn=Manager,dc=example,dc=com'
bind_pw = 'passwd'

Please update them with the correct LDAP prefix (dc=xx,dc=xx) and bind password, then run it with python command: