NOTE: Horde webmail was removed. Users who want to migrate to Roundcube webmail, please go to our online support forum for help.
Remove ldap_virtual_mailbox_maps.cf in Postfix virtual_mailbox_maps.
# OLD setting
#virtual_mailbox_maps = ldap:/etc/postfix/ldap_accounts.cf, ldap:/etc/postfix/ldap_virtual_mailbox_maps.cf
# NEW setting
virtual_mailbox_maps = ldap:/etc/postfix/ldap_accounts.cf
# chmod 0644 /etc/cron.d/sa-update
Copying /etc/localtime to /var/spool/postfix/etc/ solves this issue:
# cp /etc/localtime /var/spool/postfix/etc/
Reference: Confusing timestamp in /var/log/secure (UTC time instead of localtime)
userPassword and accountStatus are optional for objectclass mailAdmin (2008.03.25). Please use the newest schema file to replace the old one:
# cp /etc/openldap/schema/iredmail.schema /opt/backup/
# cd /tmp/
# wget http://iredmail.googlecode.com/svn/trunk/iRedMail/samples/iredmail.schema
# rm -f /etc/openldap/schema/iredmail.schema
# mv /tmp/iredmail.schema /etc/openldap/schema/
# /etc/init.d/ldap restart
domainStatus is deprecated.
accountStatus for each mail domain with phpLDAPadmin or other LDAP admin tool.
Change below files to use accountStatus instead.
Send mail to an existing mail user and make sure accountStatus works for you.
domainStatus in each domain.
Edit /etc/openldap/slapd.conf, add several lines like below:
#
# Allow users to access their own domain subtree.
#
access to dn.regex="domainName=([^,]+),o=domains,dc=iredmail,dc=org$"
    by anonymous auth
    by self write
    by dn.exact="cn=vmail,dc=iredmail,dc=org" read
    by dn.exact="cn=vmailadmin,dc=iredmail,dc=org" write
    by dn.regex="mail=[^,]+,ou=Users,domainName=$1,o=domains,dc=iredmail,dc=org$" read
    by dn.regex="mail=[^,]+@$1,o=domainAdmins,dc=iredmail,dc=org$" read # <-- Add this line.
    by users none
#
# Enable vmail/vmailadmin.
#
access to dn.subtree="o=domains,dc=iredmail,dc=org"
    by anonymous auth
    by self write
    by dn.exact="cn=vmail,dc=iredmail,dc=org" read
    by dn.exact="cn=vmailadmin,dc=iredmail,dc=org" write
    by dn.regex="mail=[^,]+,domainName=$1,o=domains,dc=iredmail,dc=org$" read
    by users read
########################################################
################# Add below lines ######################
########################################################
access to dn.subtree="o=domainAdmins,dc=iredmail,dc=org"
    by anonymous auth
    by self write
    by dn.exact="cn=vmail,dc=iredmail,dc=org" read
    by dn.exact="cn=vmailadmin,dc=iredmail,dc=org" write
    by users none
# chown vmail:vmail /etc/pysieved.ini
# /etc/init.d/pysieved restart
/var/www/html/robots.txt file to disallow search engines. Content:
User-agent: *
Disallow: /mail
Disallow: /webmail
Disallow: /roundcube
Disallow: /phpldapadmin
Disallow: /ldap
Disallow: /mysql
Disallow: /phpmyadmin
Disallow: /awstats
/etc/php.ini. Thanks david(at)knapp(dot)org.
disable_functions = show_source, system, shell_exec, passthru, exec, phpinfo, proc_open
/home/vmail below to fit your environment.
# mysql -uroot -p vmail
mysql> ALTER TABLE mailbox ADD COLUMN storagebasedirectory VARCHAR(255) DEFAULT '/home/vmail';
vmail.enablesieve to vmail.enablemanagesieve:
# mysql -uroot -p vmail
mysql> ALTER TABLE mailbox CHANGE COLUMN enablesieve enablemanagesieve TINYINT(1);
/etc/pysieved.ini:
[Dovecot]
service = managesieve
vmail.mailbox table:
# mysql -uroot -p vmail
mysql> ALTER TABLE mailbox ADD COLUMN employeeid VARCHAR(255) DEFAULT NULL;
mysql> ALTER TABLE mailbox ADD COLUMN lastlogindate DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00';
mysql> ALTER TABLE mailbox ADD COLUMN lastloginprotocol CHAR(255) NOT NULL DEFAULT '';
enabledService=forward in mail forwarding address lookup: /etc/postfix/ldap_virtual_alias_maps.cf.
query_filter = (&(mail=%s)(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=forward))
/etc/openldap/slapd.conf:
index domainAdmin,domainGlobalAdmin,domainBackupMX eq,pres
index listAllowedUser,accessPolicy eq,pres
index memberOfGroup eq,pres
After adding the above lines, stop OpenLDAP and run slapindex in the database directory:
# /etc/init.d/ldap stop
# cd /var/lib/ldap/iredmail.org/
# slapindex
# chown ldap:ldap *
# /etc/init.d/ldap start
LDAP backend only: The implementation of mail groups/lists in LDAP has changed.
mailUser has a new attribute: memberOfGroup, used to store the group name (a valid email address).
/etc/postfix/main.cf:
# Add ldap_virtual_group_maps.cf as an additional lookup file.
virtual_alias_maps =
    ldap:/etc/postfix/ldap_virtual_alias_maps.cf,
    ldap:/etc/postfix/ldap_virtual_group_maps.cf
Create /etc/postfix/ldap_virtual_group_maps.cf:
server_host = 127.0.0.1
server_port = 389
version = 3
bind = yes
start_tls = no
bind_dn = cn=vmail,dc=iredmail,dc=org
# Set this to the password of cn=vmail on your own server.
bind_pw = KrxIkebDaRWb81yHdetBPt0UXC6NVZ
search_base = domainName=%d,o=domains,dc=iredmail,dc=org
scope = sub
query_filter = (&(memberOfGroup=%s)(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=deliver))
result_attribute= mail
debuglevel = 0
Remove (objectClass=mailList) in query_filter line in /etc/postfix/ldap_virtual_alias_maps.cf:
#query_filter = (&(mail=%s)(accountStatus=active)(enabledService=mail)(enabledService=deliver)(|(objectClass=mailList)(objectClass=mailAlias)(&(objectClass=mailUser)(enabledService=forward))))
query_filter = (&(mail=%s)(accountStatus=active)(enabledService=mail)(enabledService=deliver)(|(objectClass=mailAlias)(&(objectClass=mailUser)(enabledService=forward))))
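The following is an added example, not part of the original iRedMail notes: a simplified Python evaluator (equality matches only, no value escaping) that runs the group lookup filter and the new alias lookup filter above against constructed entries, showing which accounts each lookup returns. The example.com entries and all helper names are assumptions.

```python
GROUP_FILTER = ("(&(memberOfGroup=%s)(objectClass=mailUser)(accountStatus=active)"
                "(enabledService=mail)(enabledService=deliver))")
ALIAS_FILTER = ("(&(mail=%s)(accountStatus=active)(enabledService=mail)"
                "(enabledService=deliver)(|(objectClass=mailAlias)"
                "(&(objectClass=mailUser)(enabledService=forward))))")

def entry(cls, mail, status, services, **extra):
    return {"objectClass": [cls], "mail": [mail], "accountStatus": [status],
            "enabledService": services, **extra}

# Constructed sample data on example.com; not taken from a real directory.
G = ["staff@example.com"]
ENTRIES = [
    entry("mailUser", "alice@example.com", "active", ["mail", "deliver", "forward"],
          memberOfGroup=G, mailForwardingAddress=["alice@example.net"]),
    entry("mailUser", "bob@example.com", "disabled", ["mail", "deliver"], memberOfGroup=G),
    entry("mailUser", "carol@example.com", "active", ["mail"], memberOfGroup=G),
    entry("mailList", "staff@example.com", "active", ["mail", "deliver"],
          mailForwardingAddress=["old-member@example.com"]),
]

def parse(f, i=0):
    """Parse the parenthesised filter starting at f[i]; return (node, next index)."""
    op = f[i + 1]
    if op in "&|!":
        kids, i = [], i + 2
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1              # step over the closing ')'
    end = f.index(")", i)
    attr, value = f[i + 1:end].split("=", 1)
    return ("=", attr, value), end + 1

def matches(node, e):
    """Evaluate a parsed filter against one entry, comparing values case-insensitively."""
    if node[0] == "=":
        return node[2].lower() in [v.lower() for v in e.get(node[1], [])]
    results = [matches(kid, e) for kid in node[1]]
    if node[0] == "!":
        return not results[0]
    return all(results) if node[0] == "&" else any(results)

def lookup(template, address, result_attribute):
    """Expand %s and %d as the lookup files use them, then collect the result attribute."""
    flt = template.replace("%s", address).replace("%d", address.split("@", 1)[1])
    tree, _ = parse(flt)
    return [v for e in ENTRIES if matches(tree, e) for v in e.get(result_attribute, [])]
```

With this data, lookup(GROUP_FILTER, "staff@example.com", "mail") returns only alice: bob is excluded by accountStatus and carol by the missing enabledService=deliver, while the mailList entry no longer matches the alias filter at all.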
enabledService=senderbcc and enabledService=recipientbcc for all domains/users allowed bcc feature.
File: /etc/postfix/ldap_sender_bcc_maps_domain.cf.
query_filter = (&(domainName=%d)(objectClass=mailDomain)(domainStatus=active)(enabledService=mail)(enabledService=senderbcc))
File: /etc/postfix/ldap_recipient_bcc_maps_domain.cf.
query_filter = (&(domainName=%d)(objectClass=mailDomain)(domainStatus=active)(enabledService=mail)(enabledService=recipientbcc))
File: /etc/postfix/ldap_sender_bcc_maps_user.cf.
query_filter = (&(mail=%s)(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=senderbcc))
File: /etc/postfix/ldap_recipient_bcc_maps_user.cf.
query_filter = (&(mail=%s)(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=recipientbcc))
Add backup mx control in domain lookup file:
query = SELECT domain FROM domain WHERE domain='%s' AND backupmx='0' AND active='1' AND expired >= NOW()
* For OpenLDAP backend: /etc/postfix/ldap_virtual_mailbox_domains.cf
query_filter = (&(objectClass=mailDomain)(domainName=%s)(!(domainBackupMX=yes))(domainStatus=active)(enabledService=mail))
* LDAP backend only: To add mail group and alias support for the OpenLDAP backend, you have to change the virtual alias lookup file: /etc/postfix/ldap_virtual_alias_maps.cf.
search_base = domainName=%d,o=domains,dc=iredmail,dc=org
scope = sub
query_filter = (&(mail=%s)(accountStatus=active)(enabledService=mail)(enabledService=deliver)(|(objectClass=mailList)(objectClass=mailAlias)(&(objectClass=mailUser)(enabledService=forward))))
result_attribute= mailForwardingAddress
mail_location = maildir:/%Lh/:INDEX=/%Lh/
and dovecot-mysql.conf (if you use MySQL as backend) should be changed too:
user_query = SELECT CONCAT(storagebasedirectory, '/', maildir) AS home, \
and dovecot-ldap.conf (if you use OpenLDAP as backend) should be changed too:
user_attrs = =sieve_dir=/home/vmail/sieve/%Ld/%Ln/,storageBaseDirectory=home,mailMessageStore=mail=maildir:~/%$/Maildir/,mailQuota=quota_rule=*:bytes=%$
'filter' => "(&(accountStatus=active)(enabledService=mail)(enabledService=deliver)(|(&(objectClass=mailList)(hasMember=yes))(objectClass=mailAlias)(objectClass=mailUser)))", // Search mail users, lists, aliases.
New settings in /var/www/roundcubemail-x.y.z/config/main.inc.php:
log_driver syslog
syslog_id roundcube
syslog_facility LOG_MAIL
mime_param_folding 1
identities_level 3
quota_zero_as_unlimited TRUE
LDAP backend only: Replace 'gn' by 'givenName' in global LDAP address book. (2009.03.15)
# File: /var/www/roundcubemail-x.y.z-stable/config/main.inc.php
'search_fields' => array('mail', 'cn', 'givenName', 'sn'), // fields to search in
'firstname_field' => 'givenName', // this field represents the contact's first name
iRedMail-0.5.0 supports automatically adding a disclaimer to all outgoing emails with Amavisd-new + alterMIME.
Install altermime from iRedMail yum repository:
# yum install altermime.i386
* For x86_64:
# yum install altermime.x86_64
# mkdir -p /etc/postfix/disclaimer/
allow_disclaimers in $policy_bank{'MYNETS'}:
$policy_bank{'MYNETS'} = { # mail originating from @mynetworks
[ ... skip other settings here ...]
allow_disclaimers => 1, # enables disclaimer insertion if available
};
# ------------ Disclaimer Setting ---------------
$altermime = '/usr/bin/altermime';
$defang_maps_by_ccat{+CC_CATCHALL} = [ 'disclaimer' ];
# Disclaimer in plain text format.
@altermime_args_disclaimer = qw(--disclaimer=/etc/postfix/disclaimer/_OPTION_.txt);
@disclaimer_options_bysender_maps = ({
# Per-domain disclaimer setting: /etc/postfix/disclaimer/host1.iredmail.org.txt
#'host1.iredmail.org' => 'host1.iredmail.org',
# Sub-domain disclaimer setting: /etc/postfix/disclaimer/iredmail.org.txt
#'.iredmail.org' => 'iredmail.org',
# Per-user disclaimer setting: /etc/postfix/disclaimer/boss.iredmail.org.txt
#'boss@iredmail.org' => 'boss.iredmail.org',
# Catch-all disclaimer setting: /etc/postfix/disclaimer/default.txt
'.' => 'default',
},);
# ------------ End Disclaimer Setting ---------------
# echo 'Testing disclaimer.' > /etc/postfix/disclaimer/default.txt
# /etc/init.d/amavisd restart