1

Topic: iRedMail in jail?

Does iRedMail work in jails?

2

Re: iRedMail in jail?

Sorry, you didn't explain clearly.
Do you mean FreeBSD Jail? iRedMail doesn't work with it.
If you're familiar with Jail, patches are always welcome. :)

3

Re: iRedMail in jail?

Yes, I mean FreeBSD Jail. I'm using it, and I read that iRedMail does not work in Jail.

I have run nginx in a Jail (private IP) and I know how to set this up. Can you tell me what problems you had with iRedMail in Jail?

4

Re: iRedMail in jail?

To be honest, I haven't set up Jail before.
It would be nice if you could provide a detailed tutorial on FreeBSD Jail, and try to make iRedMail work with Jail.
Patches are always welcome.

P.S. Will FreeBSD users always use Jail for network services?

5 (edited by dong 2010-11-06 23:25:33)

Re: iRedMail in jail?

You can use the simple tool ezjail. Tutorial: http://www.cyberciti.biz/faq/howto-setu … th-ezjail/
Once you set up your first Jail correctly, Jail will be easy for you :)

If you don't have a second public IP then you must set up NAT. I'm using the pf tool. This is my config (/etc/pf.conf):

rdr pass on em0 proto tcp from any to em0 port 80 -> 192.168.1.2 port 80
nat on em0 from 192.168.1.0/24 to any -> 188.165.x.x

em0 - my network interface
192.168.1.2 - IP of my Jail with nginx (http server)
188.165.x.x - my host IP

The first line in pf.conf is forwarding port 80 from the Jail. The second sets up NAT.

This is my rc.conf on the host (main computer):

pf_enable="YES"
pf_rules="/etc/pf.conf"
ifconfig_em0_alias1="inet 192.168.1.2 netmask 255.255.255.255"
ezjail_enable="YES"

This is rc.conf from the Jail (virtual machine):

rpc_bind_enable="NO"
sshd_enable="YES"
sendmail_enable="NO"
network_interfaces=""
defaultrouter="188.165.x.x"
early_late_divider="NETWORKING"
ifconfig_em0="inet 192.168.1.2 netmask 255.255.255.255 alias"

spawn_fcgi_enable=YES
mysql_enable=YES
nginx_enable=YES

When you have set this up, test your network connection by running the command 'ftp 87.51.34.132', in the Jail of course ;)
It's the public FTP of FreeBSD.

I don't know postfix and the other stuff. Which ports work only locally, and which ports must be forwarded? I will try to install iRedMail in a Jail. I will probably get errors with ports and IPs along the way :)

I'm a beginner user of FreeBSD and iRedMail. FreeBSD users don't always use Jail, but I have some large websites and I want to be as secure as possible :)

6

Re: iRedMail in jail?

Is it possible to install iRedMail without Jail, then set up Jail (with ezjail or whatever), then move/convert/migrate mail server related components into Jail?

I guess Jail is a little hard for FreeBSD beginners, maybe it's not a good idea to use it. Otherwise we have to provide two options for FreeBSD users: without Jail and with Jail.

7 (edited by dong 2010-11-07 02:50:03)

Re: iRedMail in jail?

I have some work now. In a few days I will try to install and migrate iRedMail in a Jail.

Is it hard? For the script or the user? After installation the only difference (from the user's side) is that the user must "log in" to the jail with the command: jexec ID csh, and then he can set up what he wants in iRedMail.

The install script must ask for the settings "network interface" and "public IP". The user who installs can check the network interface with the command ifconfig.

A Jail solution for a mail server is very secure - fewer ports are exposed to the "world". Only the ports for smtp, pop3 and ssl smtp will be on the internet, without amavisd and others.

8

Re: iRedMail in jail?

Hope to hear from you later. If possible, we can work together to make it happen and make iRedMail better. :)

9

Re: iRedMail in jail?

If iRedMail is for very, very beginner users then I have some suggestions:

1. After a fresh FreeBSD installation and installing bash from ports, we don't have the symlink /bin/bash. So we must run the commands with /usr/local/bin/bash get_all.sh etc.

2. You can add how to download iRedMail, my example:

cd /root
fetch http://iredmail.googlecode.com/files/iRedMail-0.6.1.tar.bz2
tar zxvf iRedMail-0.6.1.tar.bz2

3. When I started the install script I had some problems with the postfix install:

cc -DDEF_CONFIG_DIR=\"/usr/local/etc/postfix\" -DDEF_DAEMON_DIR=\"/usr/local/libexec/postfix\" -DDEF_COMMAND_DIR=\"/usr/local/sbin\" -DDEF_SENDMAIL_PATH=\"/usr/local/sbin/sendmail\" -DDEF_NEWALIAS_PATH=\"/usr/local/bin/newaliases\" -DDEF_MAILQ_PATH=\"/usr/local/bin/mailq\" -DDEF_MANPAGE_DIR=\"/usr/local/man\" -DDEF_README_DIR=\"/usr/local/share/doc/postfix\" -DDEF_HTML_DIR=\"/usr/local/share/doc/postfix\" -DDEF_QUEUE_DIR=\"/var/spool/postfix\" -DDEF_DATA_DIR=\"/var/db/postfix\" -DDEF_MAIL_OWNER=\"postfix\" -DDEF_SGID_GROUP=\"maildrop\" -DHAS_PCRE -I/usr/local/include -DUSE_SASL_AUTH -DDEF_SERVER_SASL_TYPE=\"dovecot\" -DUSE_TLS -I/usr/include -I/usr/local/include/db46 -DHAS_MYSQL -I/usr/local/include/mysql -DHAS_LDAP -I/usr/local/include -DHAS_CDB -I/usr/local/include NO -O2 -fno-strict-aliasing -pipe -DLDAP_DEPRECATED -I. -DFREEBSD8 -c alldig.c
cc: NO: No such file or directory
*** Error code 1

Stop in /var/ports/basejail/usr/ports/mail/postfix26/work/postfix-2.6.7/src/util.
*** Error code 1

Stop in /var/ports/basejail/usr/ports/mail/postfix26/work/postfix-2.6.7.
*** Error code 1

Stop in /basejail/usr/ports/mail/postfix26.
*** Error code 1

Stop in /basejail/usr/ports/mail/postfix26.

I'm installing the MySQL virtual users version; maybe the install script sets wrong parameters on 'make install' in /ports/postfix26?

I fixed it by manually installing postfix26 with standard config options:

cd /usr/ports/mail/postfix26/
make clean
make install

I added the line: export status_install_port_mailpostfix26='DONE'
to .iRedMail.installation.status

4. Second compilation error:

===>  Installing for apache-2.2.17_1
===>   apache-2.2.17_1 depends on file: /usr/local/bin/perl5.10.1 - found
** Missing /basejail/usr/ports/www/apache22/files/apache22.in for apache-2.2.17_1.
*** Error code 1

Stop in /basejail/usr/ports/www/apache22.

I had this before too, when manually installing apache in another jail (maybe it's a bug in FreeBSD?).

Temporarily I added this line to .iRedMail.installation.status:
export status_install_port_wwwapache22='DONE'

And I installed apache20

And at the end of the install I have some errors that depend on apache22:

< INFO > Configure User/Group: vmail.
< INFO > Configure Apache web server and PHP.
Can't open /usr/local/etc/apache22/httpd.conf: No such file or directory.
Can't open /usr/local/etc/apache22/httpd.conf: No such file or directory.
Can't open /usr/local/etc/apache22/extra/httpd-ssl.conf: No such file or directory.
Can't open /usr/local/etc/apache22/extra/httpd-ssl.conf: No such file or directory.
/root/iRedMail-0.6.1/./functions/apache_php.sh: line 95: /usr/local/www/apache22/data/robots.txt: No such file or directory
/root/iRedMail-0.6.1/./functions/apache_php.sh: line 142: /boot/loader.conf: Read-only file system
sed: /usr/local/etc/apache22/httpd.conf: No such file or directory
Can't open /usr/local/etc/apache22/httpd.conf: No such file or directory.
Can't open /usr/local/etc/apache22/httpd.conf: No such file or directory.
Can't open /usr/local/etc/apache22/httpd.conf: No such file or directory.
/root/iRedMail-0.6.1/./functions/apache_php.sh: line 158: /usr/local/etc/apache22/httpd.conf: No such file or directory
/root/iRedMail-0.6.1/./functions/apache_php.sh: line 159: /usr/local/etc/apache22/httpd.conf: No such file or directory
Can't open /usr/local/etc/apache22/httpd.conf: No such file or directory.
< INFO > Configure Postfix.
< Backup > /usr/local/etc/postfix/main.cf -> main.cf.2010.11.07.14.28.18.
< Backup > /usr/local/etc/postfix/master.cf -> master.cf.2010.11.07.14.28.18.
< Backup > /etc/mail/mailer.conf -> mailer.conf.2010.11.07.14.28.18.
< INFO > Configure Policyd (postfix policy daemon).
< INFO > Configure Dovecot (pop3/imap server).
< Backup > /usr/local/etc/dovecot.conf -> dovecot.conf.2010.11.07.14.28.18.
< INFO > Configure Procmail (MDA).
< INFO > Configure ClamAV (anti-virus toolkit).
< INFO > Configure Amavisd-new.
< Backup > /usr/local/etc/amavisd.conf -> amavisd.conf.2010.11.07.14.28.18.
< Backup > /usr/local/etc/amavisd.conf -> amavisd.conf.2010.11.07.14.28.18.
< INFO > Configure SpamAssassin (content-based spam filter).
< INFO > Configure Roundcube webmail.
/root/iRedMail-0.6.1/./functions/roundcubemail.sh: line 218: /usr/local/etc/apache22/Includes/roundcubemail.conf: No such file or directory
Can't open /usr/local/etc/apache22/extra/httpd-ssl.conf: No such file or directory.
Can't open /usr/local/etc/apache22/extra/httpd-ssl.conf: No such file or directory.
Can't open /usr/local/etc/apache22/extra/httpd-ssl.conf: No such file or directory.
< INFO > Configure phpMyAdmin (web-based MySQL management tool).
/root/iRedMail-0.6.1/./functions/phpmyadmin.sh: line 27: /usr/local/etc/apache22/Includes/phpmyadmin.conf: No such file or directory
Can't open /usr/local/etc/apache22/extra/httpd-ssl.conf: No such file or directory.
Can't open /usr/local/etc/apache22/extra/httpd-ssl.conf: No such file or directory.
< INFO > Configure PostfixAdmin (web-based mail account management tool).
/root/iRedMail-0.6.1/./functions/postfixadmin.sh: line 33: /usr/local/etc/apache22/Includes/postfixadmin.conf: No such file or directory
Can't open /usr/local/etc/apache22/extra/httpd-ssl.conf: No such file or directory.
< INFO > Configure Awstats (logfile analyzer for mail and web server).
/root/iRedMail-0.6.1/./functions/awstats.sh: line 39: /usr/local/etc/apache22/Includes/awstats.conf: No such file or directory
/root/iRedMail-0.6.1/./functions/awstats.sh: line 48: /usr/local/etc/apache22/Includes/awstats.conf: No such file or directory
/root/iRedMail-0.6.1/./functions/awstats.sh: line 78: /usr/local/etc/apache22/Includes/awstats.conf: No such file or directory
Can't open /usr/local/etc/apache22/httpd.conf: No such file or directory.
/root/iRedMail-0.6.1/./functions/awstats.sh: line 94: /usr/local/etc/apache22/Includes/awstats.conf: No such file or directory
/root/iRedMail-0.6.1/./functions/awstats.sh: line 141: /usr/local/etc/apache22/Includes/awstats.conf: No such file or directory
Can't open /usr/local/etc/apache22/extra/httpd-ssl.conf: No such file or directory.
Can't open /usr/local/etc/apache22/extra/httpd-ssl.conf: No such file or directory.
< Backup > /usr/local/www/awstats/cgi-bin/awstats.model.conf -> awstats.model.conf.2010.11.07.14.28.18.

iRedMail is installed now. I will check it. I will write a report later :)

10

Re: iRedMail in jail?

Okay. First test results:
- With port 110 forwarded, mail is working; that means I can log in to mail from MS Outlook.
- I can't send mail from my mail; maillog:

Nov  7 15:24:55 poczta postfix/trivial-rewrite[78478]: fatal: proxy:mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_domains.cf(0,lock|fold_fix): table lookup problem
Nov  7 15:24:56 poczta postfix/smtpd[78327]: warning: problem talking to service rewrite: Unknown error: 0
Nov  7 15:24:56 poczta postfix/master[72462]: warning: process /usr/local/libexec/postfix/trivial-rewrite pid 78478 exit status 1
Nov  7 15:24:56 poczta postfix/master[72462]: warning: /usr/local/libexec/postfix/trivial-rewrite: bad command startup -- throttling

And other:

Nov  7 15:24:39 poczta postfix/proxymap[78328]: warning: connect to mysql server 127.0.0.1: Host '192.168.1.1' is not allowed to connect to this MySQL server

I tried sending e-mail from an outside mail account (free mail hosting) - not working.

Can you tell me which ports must be "open on the internet"? I don't know very well how this software works. I know that I must forward ports 25 (smtp) and 110 (pop3) from the jail. Is that all?

11

Re: iRedMail in jail?

Here is port list:
http://www.iredmail.org/forum/topic209- … ports.html

Nov  7 15:24:55 poczta postfix/trivial-rewrite[78478]: fatal: proxy:mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_domains.cf(0,lock|fold_fix): table lookup problem

Seems Postfix can't connect to MySQL.
Maybe you can try to connect MySQL via TCP/IP instead of local unix socket?

12

Re: iRedMail in jail?

I'm installing the MySQL virtual users version; maybe the install script sets wrong parameters on 'make install' in /ports/postfix26?

All config options are set in /var/db/ports/postfix/options. Can you help check them?

13 (edited by dong 2010-11-08 00:30:00)

Re: iRedMail in jail?

These are the options:

WITH_PCRE=true
WITHOUT_SASL2=true
WITH_DOVECOT=true
WITHOUT_SASLKRB=true
WITHOUT_SASLKRB5=true
WITHOUT_SASLKMIT=true
WITH_TLS=true
WITH_BDB=true
WITH_MYSQL=true
WITHOUT_PGSQL=true
WITH_OPENLDAP=true
WITH_CDB=true
WITHOUT_NIS=true
WITHOUT_VDA=true
WITHOUT_TEST=true

But I can try to disable something.

WITH_TLS=true
WITH_BDB=true
WITH_OPENLDAP=true
WITH_CDB=true

Are these needed for iRedMail to work?

14 (edited by dong 2010-11-08 01:09:42)

Re: iRedMail in jail?

Seems Postfix can't connect to MySQL.

I set:
192.168.1.1    localhost localhost.my.domain
in /etc/hosts and this error is fixed :)

I don't know why but my amavisd wasn't started. I started it manually.

And next error:

Nov  7 16:38:34 poczta amavis[85011]: (!)DENIED ACCESS from IP 192.168.1.1, policy bank ''
Nov  7 16:38:34 poczta postfix/smtp[84875]: CA9371B27E03: to=<qwerty232323@o2.pl>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.43, delays=0.43/0/0/0, dsn=4.4.2, status=deferred (lost connection with 127.0.0.1[127.0.0.1] while receiving the initial server greeting)
Nov  7 16:38:36 poczta postfix/smtpd[78327]: disconnect from bqm10.neoplus.adsl.tpnet.pl[83.29.80.10]

I will ask on the FreeBSD forum how to set up something like an alias 127.0.0.1 for 192.168.1.1. But another way - we can change the IP in /postfix/main.cf, I think.

15

Re: iRedMail in jail?

I tried to install iRedMail again. I fixed the problems with apache22 (it's an error in the mail port tree). I still have the error installing postfix26. I can't install it from the install script but I can install it with the commands:
cd /usr/ports/mail/postfix26
make clean
make install clean

(without make config) :) I don't know bash scripts etc., so I can't find the source of this problem.

But something else interests me... when the install is finishing it looks like this:

daily.cld updated (version: 12213, sigs: 144965, f-level: 53, builder: arnaud)
Downloading bytecode.cvd [100%]
bytecode.cvd updated (version: 89, sigs: 10, f-level: 53, builder: edwin)
Database updated (849702 signatures) from database.clamav.net (IP: 193.218.105.9)
WARNING: Clamd was NOT notified: Can't connect to clamd through /var/run/clamav/clamd.sock
connect(): No such file or directory
kldload: can't load accf_http: Operation not permitted
Start: not found
Stopping mysql.
Waiting for PIDS: 95112.
Starting mysql.
Start: not found
dovecot not running? (check /var/run/dovecot/master.pid).
Starting dovecot.
If you have trouble with authentication failures,
enable auth_debug setting. See http://wiki.dovecot.org/WhyDoesItNotWork
This message goes away after the first successful login.
Start: not found
amavisd not running?
Starting amavisd.
Start: not found
postfix/postfix-script: fatal: the Postfix mail system is not running
postfix/postfix-script: starting the Postfix mail system
Start: not found
postfix_policyd_sf not running? (check /var/run/postfix-policyd-sf.pid).
Starting postfix_policyd_sf.
Start: not found
clamav_clamd not running?
Starting clamav_clamd.
Start: not found
clamav_freshclam not running? (check /var/run/clamav/freshclam.pid).
Starting clamav_freshclam.
Start: not found
Performing sanity check on apache22 configuration:
Syntax OK
apache22 not running? (check /var/run/httpd.pid).
Performing sanity check on apache22 configuration:
Syntax OK
Starting apache22.

A lot of errors. Is this normal, Zhang?

16

Re: iRedMail in jail?

dong wrote:
WITH_TLS=true
WITH_BDB=true
WITH_OPENLDAP=true
WITH_CDB=true

Are these needed for iRedMail to work?

WITH_OPENLDAP=true is optional if you use MySQL to store virtual mail accounts. But if you want to migrate from MySQL to OpenLDAP, you don't need to re-compile it. It's up to you.

TLS, BDB, CDB are required.

17

Re: iRedMail in jail?

dong wrote:

I can't install it from the install script but I can install it with the commands:
cd /usr/ports/mail/postfix26
make clean
make install clean
(without make config)

I don't know why it happened. In earlier editions of iRedMail, with an older FreeBSD ports tree, it worked well. I didn't change any config options, which confuses me.

dong wrote:

Start: not found

Not sure why it raises this error message.

18

Re: iRedMail in jail?

Temporarily I added host % to user vmail in MySQL and I added/modified these lines in amavisd.conf:

@inet_acl   = qw( 127.0.0.1 192.168.1.1 );  # allow SMTP access only from localhost
@mynetworks = qw( 192.168.1.1 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
                  10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );

postfix/main.cf

mynetworks = 127.0.0.0/8, 192.168.1.1
content_filter = smtp-amavis:[192.168.1.1]:10024

postfix/master.cf

192.168.1.1:10025 inet n  -   -   -   -  smtpd
    -o mynetworks=127.0.0.0/8, 192.168.1.1

And I have no more errors with MySQL and amavisd. But I have other errors:

Nov  8 11:30:44 poczta amavis[79513]: (79513-02-2) (!)rw_loop: leaving rw loop, no progress, last event (select) 35.005 s ago
Nov  8 11:30:44 poczta amavis[79513]: (79513-02-2) (!)FWD via SMTP: <www@poczta.host.org> -> <qwerty232323@o2.pl>, 451 4.5.0 From MTA([127.0.0.1]:10025) during fwd-connect (Negative greeting:  at (eval 114) line 596, <GEN19> line 384.): id=79513-02-2
Nov  8 11:30:44 poczta amavis[79513]: (79513-02-2) Blocked MTA-BLOCKED, LOCAL [83.29.80.10] [83.29.80.10] <www@poczta.host.org> -> <qwerty232323@o2.pl>, Message-ID: <008701cb7f38$01639270$042ab750$@alfaholicy.org>, mail_id: phIcgmojyCwn, Hits: -9.998, size: 2685, 57058 ms
Nov  8 11:30:44 poczta postfix/smtp[79491]: 27B201B27EBC: to=<qwerty232323@o2.pl>, relay=192.168.1.1[192.168.1.1]:10024, conn_use=2, delay=149, delays=0.6/92/0/57, dsn=4.5.0, status=deferred (host 192.168.1.1[192.168.1.1] said: 451 4.5.0 id=79513-02-2 - Temporary MTA failure on relaying, From MTA([127.0.0.1]:10025) during fwd-connect (Negative greeting:  at (eval 114) line 596, <GEN19> line 384.): id=79513-02-2 (in reply to end of DATA command))
Nov  8 11:30:51 poczta postfix/smtpd[79677]: fatal: unexpected command-line argument: 192.168.1.1
Nov  8 11:30:51 poczta postfix/smtpd[79678]: fatal: unexpected command-line argument: 192.168.1.1
Nov  8 11:30:52 poczta postfix/master[79487]: warning: process /usr/local/libexec/postfix/smtpd pid 79677 exit status 1
Nov  8 11:30:52 poczta postfix/master[79487]: warning: /usr/local/libexec/postfix/smtpd: bad command startup -- throttling
Nov  8 11:30:52 poczta postfix/master[79487]: warning: process /usr/local/libexec/postfix/smtpd pid 79678 exit status 1

I can't find on Google where the problem is. Maybe you know?

19

Re: iRedMail in jail?

Nov  8 11:30:44 poczta amavis[79513]: (79513-02-2) (!)FWD via SMTP: <www@poczta.host.org> -> <qwerty232323@o2.pl>, 451 4.5.0 From MTA([127.0.0.1]:10025) during fwd-connect (Negative greeting:  at (eval 114) line 596, <GEN19> line 384.): id=79513-02-2
Nov  8 11:30:44 poczta amavis[79513]: (79513-02-2) Blocked MTA-BLOCKED, LOCAL [83.29.80.10] [83.29.80.10] <www@poczta.host.org> -> <qwerty232323@o2.pl>, Message-ID: <008701cb7f38$01639270$042ab750$@alfaholicy.org>, mail_id: phIcgmojyCwn, Hits: -9.998, size: 2685, 57058 ms

Not sure why it happened.

Please ask in amavisd mail list:
http://www.ijs.si/software/amavisd/#support

20

Re: iRedMail in jail?

Do you have these two settings in amavisd.conf?

$notify_method  = 'smtp:[127.0.0.1]:10025';
$forward_method = 'smtp:[127.0.0.1]:10025';

Try to replace '127.0.0.1', restart amavisd service and test again.

21

Re: iRedMail in jail?

Zhang, this solution doesn't work. But I turned off amavisd temporarily and sending mail works :) We are close to making this work :P

22

Re: iRedMail in jail?

I found the solution.

Nov  8 11:30:51 poczta postfix/smtpd[79677]: fatal: unexpected command-line argument: 192.168.1.1

It means that the error is here:

    -o mynetworks=127.0.0.0/8, 192.168.1.1

The people from BSD didn't reply to my question about my problems with 127.0.0.1. But sending mail with amavisd works when I replace 127.0.0.1 with 192.168.1.1.

I will try to install a new jail again and configure everything properly from the beginning - I will write up what I must do :)
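
Added example, not part of the thread and not iRedMail or Postfix code: a shell lint for the master.cf mistake identified in post 22, where whitespace inside an -o value makes smtpd receive the rest of the list as a separate command-line argument. The sample master.cf is constructed; the 10026 entry and the function names are assumptions for illustration, and that entry shows the same list written without the space.

```shell
#!/bin/sh
# Added example: flag master.cf "-o name=value" overrides that were split by
# whitespace, e.g. "-o mynetworks=127.0.0.0/8, 192.168.1.1" from the thread.

# Constructed sample. The 10025 entry copies the lines quoted in the thread;
# the 10026 entry (hypothetical) shows the same list written without a space.
sample_master_cf() {
    cat <<'EOF'
smtp      inet  n       -       n       -       -       smtpd
192.168.1.1:10025 inet n  -   -   -   -  smtpd
    -o mynetworks=127.0.0.0/8, 192.168.1.1
192.168.1.1:10026 inet n  -   -   -   -  smtpd
    -o content_filter=
    -o mynetworks=127.0.0.0/8,192.168.1.1
dovecot   unix  -       n       n       -       -       pipe
    flags=DRhu user=vmail:vmail argv=/usr/local/libexec/dovecot/deliver -d ${recipient}
EOF
}

# lint_master_cf [FILE]  (reads stdin when FILE is omitted)
# Prints one line per finding; returns 1 if any were found, else 0.
lint_master_cf() {
    awk '
    # Examine one logical master.cf entry (continuation lines already joined).
    function check(entry,    n, f, i, j) {
        n = split(entry, f)
        # Fields 1-7 are the service columns, field 8 is the command.
        # pipe(8) takes free-form arguments after argv=, so it is skipped.
        if (n < 8 || f[8] == "pipe") return
        for (i = 9; i < n; i++) {
            if (f[i] != "-o") continue
            # f[i+1] is the override; anything after it that is not another
            # option is a fragment the daemon receives as a stray argument.
            for (j = i + 2; j <= n && f[j] !~ /^-/; j++) {
                printf "%s: stray argument \"%s\" after -o %s\n", f[1], f[j], f[i+1]
                bad++
            }
        }
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }       # comments and blank lines
    /^[ \t]/ { cur = cur " " $0; next }     # continuation of current entry
    { check(cur); cur = $0 }                # a new entry starts here
    END { check(cur); exit (bad > 0) }
    ' "${1:--}"
}

# Demo on the constructed sample.
sample_master_cf | lint_master_cf || echo "fix the overrides listed above"
```

Running it against the real file before reloading Postfix (for example lint_master_cf /usr/local/etc/postfix/master.cf) catches the split value before smtpd starts failing with "unexpected command-line argument".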

23

Re: iRedMail in jail?

That's cool. :D

Waiting for your tutorial. Maybe you can write in our wiki directly?
http://iredmail.org/wiki/

24

Re: iRedMail in jail?

I will be very proud, but my English is very simple. Can I post on the forum and you will reword my text? I don't want to post on the wiki something written like a 12-year-old child :)

25

Re: iRedMail in jail?

Posting in forum is ok too.
Don't worry about your English :)