Upgrade iRedMail from 0.9.9 to 1.0


ChangeLog

General (All backends should apply these changes)

Update /etc/iredmail-release with new iRedMail version number

iRedMail stores the release version in /etc/iredmail-release after installation. It's recommended to update this file after you upgrade iRedMail, so that you know which version of iRedMail you're running. For example:

1.0

Upgrade iRedAPD (Postfix policy server) to the latest stable release: 3.3

Attention

iRedAPD offers SRS (Sender Rewriting Scheme) support in this release, but it's disabled by default. Please read our tutorial to understand the known issues and how to enable it: Enable SRS (Sender Rewriting Scheme) support.

Please follow the tutorial below to upgrade iRedAPD to the latest stable release: Upgrade iRedAPD to the latest stable release

Upgrade iRedAdmin (open source edition) to the latest stable release: 0.9.9

Please follow this tutorial to upgrade iRedAdmin open source edition to the latest stable release: Upgrade iRedAdmin to the latest stable release

Upgrade mlmmjadmin to the latest stable release (2.1)

Please follow the tutorial below to upgrade mlmmjadmin to the latest stable release: Upgrade mlmmjadmin to the latest stable release

Upgrade Roundcube webmail to the latest stable release: 1.4.1

Roundcube 1.4

Since Roundcube 1.3, at least PHP 5.4 is required. If your server is running PHP 5.3 and cannot upgrade to 5.4, please upgrade Roundcube to the latest 1.2 branch instead.

The latest Roundcube webmail 1.4.1 offers a shiny new web UI. Please follow the official Roundcube tutorial to upgrade Roundcube webmail to the latest stable release (1.4.1):

Upgrade netdata to the latest stable release (1.19.0)

If you have netdata installed, you can upgrade it by following this tutorial: Upgrade netdata.

Fixed: improper order of Postfix smtpd_sender_restrictions rules

iRedMail-0.9.9 and earlier releases didn't configure Postfix to apply the custom restriction rule before querying DNS records of the sender domain, so you cannot whitelist sender mail domains which don't have DNS records (especially internal mail domains used in your LAN). Please follow the steps below to fix it.

Find the smtpd_sender_restrictions parameter in the Postfix config file main.cf, which looks like this:

smtpd_sender_restrictions =
    reject_unknown_sender_domain
    ...
    check_sender_access pcre:...

Move reject_unknown_sender_domain after the check_sender_access line:

smtpd_sender_restrictions =
    ...
    check_sender_access pcre:...
    reject_unknown_sender_domain
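
Why the order matters, as an added example that is not part of iRedMail or Postfix: a simplified model of how Postfix walks a restriction list, stopping at the first result that is not DUNNO. The domain corp.lan, the whitelist pattern and the set of resolvable domains are constructed for illustration.

```python
import re

# Constructed sample data (not from the page): domains that have DNS records,
# and a whitelist pattern standing in for the check_sender_access pcre table.
DOMAINS_WITH_DNS = {"example.com"}
WHITELIST = re.compile(r"@corp\.lan$", re.IGNORECASE)

def reject_unknown_sender_domain(sender):
    """Simplified: REJECT when the sender domain has no DNS record, else no opinion."""
    domain = sender.rsplit("@", 1)[-1].lower()
    return "DUNNO" if domain in DOMAINS_WITH_DNS else "REJECT"

def check_sender_access(sender):
    """OK for whitelisted senders, else no opinion."""
    return "OK" if WHITELIST.search(sender) else "DUNNO"

def evaluate(restrictions, sender):
    """Return the first decisive result; DUNNO means 'ask the next restriction'."""
    for restriction in restrictions:
        result = restriction(sender)
        if result != "DUNNO":
            return result
    return "DUNNO"

# Order shipped by iRedMail-0.9.9 and earlier, and the order after the fix.
OLD_ORDER = [reject_unknown_sender_domain, check_sender_access]
NEW_ORDER = [check_sender_access, reject_unknown_sender_domain]

if __name__ == "__main__":
    for sender in ("alice@corp.lan", "bob@no-dns.invalid", "carol@example.com"):
        old, new = evaluate(OLD_ORDER, sender), evaluate(NEW_ORDER, sender)
        print(f"{sender:22} old={old:7} new={new}")
```

With the fixed order a whitelist entry bypasses the DNS check entirely, so keep the check_sender_access patterns anchored and narrow.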

Fixed: fix improper HELO rule which blocks new Facebook servers

Facebook has some new servers which use <ip>.mail-mail.facebook.com as HELO identities; these are blocked by the default HELO rules configured by iRedMail-0.9.9 and earlier releases. Please fix it with EITHER step described below; solution 1 is recommended.

  1. Prepend the line below to /etc/postfix/helo_access.pcre (Linux/OpenBSD) or /usr/local/etc/postfix/helo_access.pcre (FreeBSD):
/^\d{1,3}-\d{1,3}-\d{1,3}-\d{1,3}\.mail-mail\.facebook\.com$/ DUNNO
  2. Or, find the line below in helo_access.pcre and remove it:
/(\d{1,3}[\.-]\d{1,3}[\.-]\d{1,3}[\.-]\d{1,3})/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery

Reloading or restarting Postfix service is required.
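
The effect of both options, as an added example (not iRedMail's code): a Postfix pcre table returns the action of the first pattern that matches, which is why the Facebook line has to be prepended rather than appended. Only the two rules quoted above are modeled, the HELO names are constructed, the REJECT text is shortened, and Python's re module stands in for PCRE.

```python
import re

# The two helo_access.pcre patterns quoted above (REJECT text shortened).
FACEBOOK = (r"^\d{1,3}-\d{1,3}-\d{1,3}-\d{1,3}\.mail-mail\.facebook\.com$", "DUNNO")
DYNAMIC = (r"(\d{1,3}[\.-]\d{1,3}[\.-]\d{1,3}[\.-]\d{1,3})", "REJECT")

def lookup(table, helo):
    """Action of the first matching pattern (pcre tables are first-match and
    case-insensitive by default); None when no pattern matches."""
    for pattern, action in table:
        if re.search(pattern, helo, re.IGNORECASE):
            return action
    return None

TABLES = {
    "0.9.9 default": [DYNAMIC],
    "solution 1 (prepended)": [FACEBOOK, DYNAMIC],
    "appended by mistake": [DYNAMIC, FACEBOOK],
    "solution 2 (removed)": [],
}

# Constructed HELO names for illustration.
HELOS = [
    "192-0-2-10.mail-mail.facebook.com",              # new Facebook naming scheme
    "host-203-0-113-7.dsl.example.net",               # dynamic-looking name
    "192-0-2-10.mail-mail.facebook.com.example.net",  # look-alike suffix
]

def results(helo):
    """Action each table variant returns for one HELO name."""
    return {name: lookup(table, helo) for name, table in TABLES.items()}

if __name__ == "__main__":
    for helo in HELOS:
        print(helo, results(helo))
```

Solution 1 keeps rejecting dynamic-looking and look-alike names because the new pattern is anchored at both ends, while solution 2 stops this rule from rejecting any of them.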

Fixed: Incorrect SSL CA file path in Postfix on FreeBSD and OpenBSD

Attention

This applies only to FreeBSD and OpenBSD, NOT Linux.

FreeBSD and OpenBSD have all CAs in the file /etc/ssl/cert.pem, but iRedMail configured Postfix to load multiple CA files under the /etc/ssl/certs directory as on Linux. The commands below fix this issue.

postconf -e smtpd_tls_CAfile=/etc/ssl/cert.pem
postconf -e smtpd_tls_CApath=''
postfix reload

Fail2ban: slightly loosened filter rule for Postfix

We received a few reports from clients that Outlook for macOS may trigger some unexpected SMTP errors which are caught by the Fail2ban filter rules shipped by iRedMail, so we decided to remove the filter rule used to match the Postfix log line "lost connection after EHLO".

Please run the commands below to get the updated filter rules.

cd /etc/fail2ban/filter.d/
wget -O postfix.iredmail.conf https://github.com/iredmail/iRedMail/raw/1.0/samples/fail2ban/filter.d/postfix.iredmail.conf
wget -O dovecot.iredmail.conf https://github.com/iredmail/iRedMail/raw/1.0/samples/fail2ban/filter.d/dovecot.iredmail.conf

Restarting Fail2ban service is required.

For OpenLDAP backend

[OPTIONAL] Enable mailbox quota status check in Dovecot and Postfix.

With default iRedMail settings, Postfix accepts email without checking whether the user's mailbox is over quota, then pipes the email to Dovecot LDA for local delivery. If the mailbox is over quota, Dovecot cannot save the message to the mailbox and generates a "sender non-delivery notification" to the sender.

With the change below, Postfix queries the mailbox quota status from Dovecot directly and rejects the email if the mailbox is over quota. This saves the system resources used to process the email (e.g. spam/virus scanning) and avoids the bounce message.

Add required LDAP attribute/value pair for all mail users

According to the Dovecot settings configured by iRedMail, all mail users should have LDAP attribute/value pair enabledService=quota-status to use this service.

Download the script:

cd /root/
wget https://github.com/iredmail/iRedMail/raw/1.0/update/ldap/updateLDAPValues_099_to_1.py

Open updateLDAPValues_099_to_1.py and set the LDAP server related settings:

# Part of file: updateLDAPValues_099_to_1.py

uri = 'ldap://127.0.0.1:389'
basedn = 'o=domains,dc=example,dc=com'
bind_dn = 'cn=vmailadmin,dc=example,dc=com'
bind_pw = 'passwd'

You can find the required LDAP credentials in the iRedAdmin config file or the iRedMail.tips file under your iRedMail installation directory. Using either cn=Manager,dc=xx,dc=xx or cn=vmailadmin,dc=xx,dc=xx as bind dn is OK; both of them have read-write privilege to update mail accounts.

Run the script:

python2 updateLDAPValues_099_to_1.py

Enable quota-status service in Dovecot

Warning

This feature requires Dovecot-2.2 or later releases; do not apply it on Dovecot-2.1.x or earlier versions.

Open the Dovecot config file /etc/dovecot/dovecot.conf (Linux/OpenBSD) or /usr/local/etc/dovecot/dovecot.conf (FreeBSD), find the plugin {} block and add 3 new parameters:

plugin {
    ...
    # Used by quota-status service.
    quota_status_success = DUNNO
    quota_status_nouser = DUNNO
    quota_status_overquota = "552 5.2.2 Mailbox is full"
    ...
}

In the same dovecot.conf, append the settings below at the end of the file:

service quota-status {
    executable = quota-status -p postfix
    client_limit = 1
    inet_listener {
        address = 127.0.0.1
        port = 12340
    }
}

Restarting Dovecot service is required.

Enable quota status check in Postfix

Warning

This feature requires Dovecot-2.2 or later releases; do not apply it on Dovecot-2.1.x or earlier versions.

Open the Postfix config file /etc/postfix/main.cf (Linux/OpenBSD) or /usr/local/etc/postfix/main.cf (FreeBSD), find the parameter smtpd_recipient_restrictions and append a new check_policy_service setting at the end, as shown below:

smtpd_recipient_restrictions =
    ...
    check_policy_service inet:127.0.0.1:12340

Restarting Postfix service is required.

[OPTIONAL] Track the time of user last login via IMAP/POP3

Sometimes you may want or need to know when a user last logged in via IMAP/POP3; here's the tutorial to implement this feature. If you run the iRedAdmin-Pro admin panel, it's visible on the web UI directly.

For MySQL/MariaDB backends

[OPTIONAL] Enable mailbox quota status check in Dovecot and Postfix.

With default iRedMail settings, Postfix accepts email without checking whether the user's mailbox is over quota, then pipes the email to Dovecot LDA for local delivery. If the mailbox is over quota, Dovecot cannot save the message to the mailbox and generates a "sender non-delivery notification" to the sender.

With the change below, Postfix queries the mailbox quota status from Dovecot directly and rejects the email if the mailbox is over quota. This saves the system resources used to process the email (e.g. spam/virus scanning) and avoids the bounce message.

Add new SQL column in vmail.mailbox table

According to the Dovecot settings configured by iRedMail, a new SQL column mailbox.enablequota-status is required.

Download the plain SQL file used to create the required column and index, then import it directly as the MySQL root user (please run the commands below as the root user):

wget -O /tmp/iredmail.mysql https://github.com/iredmail/iRedMail/raw/1.0/update/1.0/iredmail.mysql
mysql vmail < /tmp/iredmail.mysql
rm -f /tmp/iredmail.mysql

Enable quota-status service in Dovecot

Warning

This feature requires Dovecot-2.2 or later releases; do not apply it on Dovecot-2.1.x or earlier versions.

Open the Dovecot config file /etc/dovecot/dovecot.conf (Linux/OpenBSD) or /usr/local/etc/dovecot/dovecot.conf (FreeBSD), find the plugin {} block and add 3 new parameters:

plugin {
    ...
    # Used by quota-status service.
    quota_status_success = DUNNO
    quota_status_nouser = DUNNO
    quota_status_overquota = "552 5.2.2 Mailbox is full"
    ...
}

In the same dovecot.conf, append the settings below at the end of the file:

service quota-status {
    executable = quota-status -p postfix
    client_limit = 1
    inet_listener {
        address = 127.0.0.1
        port = 12340
    }
}

Restarting Dovecot service is required.

Enable quota status check in Postfix

Warning

This feature requires Dovecot-2.2 or later releases; do not apply it on Dovecot-2.1.x or earlier versions.

Open the Postfix config file /etc/postfix/main.cf (Linux/OpenBSD) or /usr/local/etc/postfix/main.cf (FreeBSD), find the parameter smtpd_recipient_restrictions and append a new check_policy_service setting at the end, as shown below:

smtpd_recipient_restrictions =
    ...
    check_policy_service inet:127.0.0.1:12340

Restarting Postfix service is required.

[OPTIONAL] Track the time of user last login via IMAP/POP3

Sometimes you may want or need to know when a user last logged in via IMAP/POP3; here's the tutorial to implement this feature. If you run the iRedAdmin-Pro admin panel, it's visible on the web UI directly.

For PostgreSQL backend

[OPTIONAL] Enable mailbox quota status check in Dovecot and Postfix.

With default iRedMail settings, Postfix accepts email without checking whether the user's mailbox is over quota, then pipes the email to Dovecot LDA for local delivery. If the mailbox is over quota, Dovecot cannot save the message to the mailbox and generates a "sender non-delivery notification" to the sender.

With the change below, Postfix queries the mailbox quota status from Dovecot directly and rejects the email if the mailbox is over quota. This saves the system resources used to process the email (e.g. spam/virus scanning) and avoids the bounce message.

Add new SQL column in vmail.mailbox table

According to the Dovecot settings configured by iRedMail, a new SQL column mailbox.enablequota-status is required.

wget -O /tmp/iredmail.pgsql https://github.com/iredmail/iRedMail/raw/1.0/update/1.0/iredmail.pgsql
su - postgres
psql -d vmail < /tmp/iredmail.pgsql
rm -f /tmp/iredmail.pgsql

Enable quota-status service in Dovecot

Warning

This feature requires Dovecot-2.2 or later releases; do not apply it on Dovecot-2.1.x or earlier versions.

Open the Dovecot config file /etc/dovecot/dovecot.conf (Linux/OpenBSD) or /usr/local/etc/dovecot/dovecot.conf (FreeBSD), find the plugin {} block and add 3 new parameters:

plugin {
    ...
    # Used by quota-status service.
    quota_status_success = DUNNO
    quota_status_nouser = DUNNO
    quota_status_overquota = "552 5.2.2 Mailbox is full"
    ...
}

In the same dovecot.conf, append the settings below at the end of the file:

service quota-status {
    executable = quota-status -p postfix
    client_limit = 1
    inet_listener {
        address = 127.0.0.1
        port = 12340
    }
}

Restarting Dovecot service is required.

Enable quota status check in Postfix

Warning

This feature requires Dovecot-2.2 or later releases; do not apply it on Dovecot-2.1.x or earlier versions.

Open the Postfix config file /etc/postfix/main.cf (Linux/OpenBSD) or /usr/local/etc/postfix/main.cf (FreeBSD), find the parameter smtpd_recipient_restrictions and append a new check_policy_service setting at the end, as shown below:

smtpd_recipient_restrictions =
    ...
    check_policy_service inet:127.0.0.1:12340

Restarting Postfix service is required.
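
What Postfix and the quota-status service exchange in each backend's setup above, as an added example that is not iRedMail's or Dovecot's code: check_policy_service sends name=value lines ended by an empty line, and the service answers with a single action= line. The stand-in responder and the address full@example.com are constructed; a real Postfix request carries more attributes.

```python
import socket
import threading

# Reply texts taken from the plugin {} settings on this page.
SUCCESS = "DUNNO"
OVERQUOTA = "552 5.2.2 Mailbox is full"
FULL_MAILBOXES = {"full@example.com"}  # constructed sample data

def build_request(recipient):
    """Minimal policy request: name=value lines ended by an empty line."""
    attrs = {"request": "smtpd_access_policy", "protocol_state": "RCPT",
             "protocol_name": "ESMTP", "recipient": recipient}
    return "".join(f"{k}={v}\n" for k, v in attrs.items()) + "\n"

def ask(sock, recipient):
    """Send one request on a connected socket and return the text after action=."""
    sock.sendall(build_request(recipient).encode())
    data = b""
    while not data.endswith(b"\n\n"):
        chunk = sock.recv(4096)
        if not chunk:
            break
        data += chunk
    for line in data.decode().splitlines():
        if line.startswith("action="):
            return line[len("action="):]
    raise ValueError("no action= line in policy reply")

def stand_in_quota_status(sock):
    """Stand-in for Dovecot's quota-status service: answer a single request."""
    with sock, sock.makefile("r") as reader:
        attrs = {}
        for line in reader:
            if line == "\n":
                break
            name, _, value = line.rstrip("\n").partition("=")
            attrs[name] = value
        full = attrs.get("recipient") in FULL_MAILBOXES
        sock.sendall(f"action={OVERQUOTA if full else SUCCESS}\n\n".encode())

def demo(recipient):
    """Run one exchange against the stand-in over a local socket pair."""
    client, server = socket.socketpair()
    worker = threading.Thread(target=stand_in_quota_status, args=(server,))
    worker.start()
    with client:
        action = ask(client, recipient)
    worker.join()
    return action
```

To check a live server after the restart, pass ask() a socket from socket.create_connection(("127.0.0.1", 12340)), the address and port set in the inet_listener block.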