Backup and restore

Backup

Backup mailboxes

All mailboxes are stored under /var/vmail/vmail1 by default, this path is configurable during iRedMail installation, so the real directory may be different on your server.

Mail messages are stored in Maildir format by default, that means one mail message is one plain text file (but mail body is encoded), you can backup mailboxes with tool like rsync or other backup tools.

After restored mailboxes, /var/vmail/vmail1 must be owned by user vmail, group vmail, permission 0700 on iRedMail server.

Backup mail accounts

Mail accounts are stored in SQL/LDAP database. iRedMail provides shell scripts to backup SQL/LDAP databases, you can find them in downloaded iRedMail release, or find them in iRedMail source code repository:

iRedMail will setup a daily cron job to run backup script(s) during installation, so what you need to do is checking whether or not they're defined as cron jobs with below commands:

# crontab -l -u root

Sample output on an iRedMail server with OpenLDAP backend:

# iRedMail: Backup OpenLDAP data every day on 03:01 AM
1   3   *   *   *   /bin/bash /var/vmail/backup/backup_openldap.sh

# iRedMail: Backup MySQL databases every day on 03:10 AM
10   3   *   *   *   /bin/bash /var/vmail/backup/backup_mysql.sh

Notes:

Backup additional data manually

Restore

How to restore SQL databases

You can simply restore plain SQL files backed up by above backup scripts.

Warning

If you're restoring on a NEW iRedMail server, do NOT restore the database which is named mysql exported from old server, it contains SQL usernames and passwords used in many components (e.g. Postfix, Dovecot, Roundcube webmail) on old server. New iRedMail server already has the same SQL accounts with different passwords, so please do not restore mysql database, otherwise almost all services won't work due to incorrect SQL credentials.

Let's take SQL database iredapd for example. Assume the backup file is /var/vmail/backup/mysql/2021/11/19/iredapd-2021-11-19-23-02-01.sql.bz2.

USE iredapd;
SOURCE /var/vmail/backup/mysql/2021/11/19/iredapd-2021-11-19-23-02-01.sql;

That's it.

You should restore other databases with same steps but different backup files. Again, do not restore the database named mysql.

After restored databases

If you're restoring from an old iRedMail release, you need to update SQL structure first.

For example, If you're restoring iRedMail from 0.9.1 to 0.9.5, you must check upgrade tutorials for iRedMail-0.9.1 and newer releases, then apply all SQL structure changes mentioned in the upgrade tutorials.

You can find all iRedMail upgrade tutorials here.

LDAP

Attention

How to restore OpenLDAP backup

Backup script runs command slapcat to dump whole LDAP tree as a backup, it must be so restored with command slapadd.

Below example shows how to restore a LDAP backup on RHEL/CentOS 6.x, files and directories may be different on other Linux/BSD distributions, you can find the correct ones in this tutorial: Locations of configuration and log files of major components.

# cd /var/vmail/backup/ldap/2015/05/
# bunzip2 2015-05-10-03:01:01.ldif.bz2
# ls -l 2015-05-10-03:01:01.ldif
-rw-r--r-- 1 root root 7352 May 10 03:01 2015-05-10-03:01:01.ldif

Below is sample copy in file iRedMail.tips.

OpenLDAP:
    ...
    * LDAP bind dn (read-only): cn=vmail,dc=example,dc=com, password: py2BQwM0zoRM5nciK68AlP8dyu2Mq6
    * LDAP admin dn (used for iRedAdmin): cn=vmailadmin,dc=example,dc=com, password: 9wr0mHeVYz2uaxSAGBLucVkOgYPSBB
# slappasswd -h '{ssha}' -s 'py2BQwM0zoRM5nciK68AlP8dyu2Mq6'    # <- cn=vmail's password
{SSHA}eJEO2yGVryVw+mZ/Qd2HMSyrl6u9WDhd

# slappasswd -h '{ssha}' -s '9wr0mHeVYz2uaxSAGBLucVkOgYPSBB'    # <- cn=vmailadmin's password
{SSHA}lWt6zjOOUq+2WUmiAea2FXLB4oHMYvIb

Below is a sample copy in 2015-05-10-03:01:01.ldif:

dn: cn=vmail,dc=iredmail,dc=org
...
userPassword:: e1NTSEF7F8AwbjVqeER1R1dXVmREN1RJU8NtdnFHN0hnekdWYzVHSG9iWEE9PQ=  # <- remove this line
 =                                                                              # <- remove this line
...

dn: cn=vmailadmin,dc=iredmail,dc=org
userPassword:: e1NTSEF9alZi8E12dS9FNllaMktteFh7YkZham1mM3Jqc21cdEFsZjJIeEE9PQ=  # <- remove this line
 =                                                                              # <- remove this line
...

Replace these two userPassword lines by the newly generated ssha passwords, save your change, exit your text editor.

dn: cn=vmail,dc=iredmail,dc=org
...
userPassword: {SSHA}eJEO2yGVryVw+mZ/Qd2HMSyrl6u9WDhd
...

dn: cn=vmailadmin,dc=iredmail,dc=org
userPassword: {SSHA}lWt6zjOOUq+2WUmiAea2FXLB4oHMYvIb
...

Important note: There's only ONE colon after userPassword string (userPassword:).

# /etc/init.d/ldap stop

About file DB_CONFIG

File DB_CONFIG is present if you're running bdb backend. But mdb backend doesn't need any config file for database, so you can ignore this file if you're running mdb backend.

# File: /etc/openldap/slapd.conf

...
database    bdb
suffix      dc=iredmail,dc=org
directory   /var/lib/ldap/iredmail.org
...

So you should remove all files under directory /var/lib/ldap/iredmail.org except /var/lib/ldap/iredmail.org/DB_CONFIG.

# cd /var/lib/ldap/iredmail.org/
# mv DB_CONFIG ~
# rm -rf /var/lib/ldap/iredmail.org/*
# mv ~/DB_CONFIG .
# /etc/init.d/slapd start
# /etc/init.d/slapd stop
# slapadd -f /etc/openldap/slapd.conf -l /path/to/backup/backup.ldif
# /etc/init.d/slapd start
Stopping slapd:                                            [  OK  ]
/var/lib/ldap/iredmail.org/mailMessageStore.bdb is not owned[WARNING]"
/var/lib/ldap/iredmail.org/objectClass.bdb is not owned by "[WARNING]
...
Checking configuration files for slapd:  config file testing succeeded
                                                           [  OK  ]
Starting slapd:                                            [  OK  ]

If you see above warning about improper file ownership, please set correct file owner on newly created bdb files immediately, then restart OpenLDAP service:

# chown ldap:ldap /var/lib/ldap/iredmail.org/*.bdb
# /etc/init.d/ldap restart

If you're restoring LDAP data from an old iRedMail server, you should add missing LDAP attribute/values, which are introduced in newer iRedMail releases, by following step below: After LDAP Restore.

How to restore OpenBSD ldapd(8) backup

iRedMail-0.9.5 and later releases ships script /var/vmail/backup/backup_ldapd.sh for daily backup. It backs up data with command ldapsearch (not slapcat - which is used for OpenLDAP), so you have to restore its data with command ldapadd.

rcctl stop ldapd
rcctl start ldapd
# ldapadd -x -D 'cn=Manager,dc=xx,dc=xx' -W -f /path/to/backup.ldif

If you're restoring LDAP data from an old iRedMail server, you should add missing LDAP attribute/values, which are introduced in newer iRedMail releases, by following step below: After LDAP Restore.

After LDAP restore

If you're restoring from an old iRedMail release, you need to add missing LDAP attribute/values, which are introduced in new iRedMail releases, by running Python scripts below: https://github.com/iredmail/iRedMail/tree/master/update/ldap

For example:

Please open the file you need to run, for example, updateLDAPValues_094_to_095.py, find parameters like below:

uri = 'ldap://127.0.0.1:389'
basedn = 'o=domains,dc=example,dc=com'
bind_dn = 'cn=Manager,dc=example,dc=com'
bind_pw = 'passwd'

Please update them with the correct LDAP prefix (dc=xx,dc=xx) and bind password, then run it with python command:

python updateLDAPValues_094_to_095.py