51

Re: Wishlist for iRedMail-0.8.0

Many users ask for calendar server, but i prefer to keep iRedMail as a **MAIL** server solution, with minimal 3rd-party softwares.
The better way i prefer is providing addition FAQs/tutorials to help admins achieve them.

If we really want to integrate it into core iRedMail script, it's better to public integration documentation first, asking help for testing from users who are interested in, then integrate it.

Do you have any experience with calendar server (calendarserver.org)? I'm glad to public it on wiki site if you can share with us. smile

P.S. We do need a new topic for calendar server discussion.

52

Re: Wishlist for iRedMail-0.8.0

please add ntp to the install-packages

this way we always have the correct time on the server smile

furthermore it is needed for proper openldap-replication - this way we can just copy+paste the ntp.conf to the secondary server

53

Re: Wishlist for iRedMail-0.8.0

maybe we can set the RSA-Key default to 2048 or even 4096?

54

Re: Wishlist for iRedMail-0.8.0

mike.f wrote:

please add ntp to the install-packages

Some users reported that if they ran ntp, dovecot will stop suddenly. So i prefer to leave it to admins.

mike.f wrote:

maybe we can set the RSA-Key default to 2048 or even 4096?

Do you mean OpenSSH daemon? Well, again, leave it to admins.

But we can add ntp and change SSH setting in iRedOS, because we are pretty sure this OS is a FRESH one:
http://www.iredmail.org/forum/topic1890 … sting.html

55

Re: Wishlist for iRedMail-0.8.0

ZhangHuangbin wrote:
mike.f wrote:

maybe we can set the RSA-Key default to 2048 or even 4096?

Do you mean OpenSSH daemon? Well, again, leave it to admins.

meaning tools/generate_ssl_keys.sh

56

Re: Wishlist for iRedMail-0.8.0

how about postfwd......

57

Re: Wishlist for iRedMail-0.8.0

tim wrote:

how about postfwd......

We have policyd.

58

Re: Wishlist for iRedMail-0.8.0

mike.f wrote:

meaning tools/generate_ssl_keys.sh

A longer key makes the application more secure, but it can slow performance.
A shorter key makes encryption and decryption faster, but lowers security.

Currently, 1024 is minimal recommended length, i prefer to keep it.

I found another blog here, just a reference:

Switching from 1024- to 2048-bit RSA (RSA-2048) results in signing operations that take up to six times longer. In many instances, a performance penalty of this magnitude may simply be unacceptable.

59

Re: Wishlist for iRedMail-0.8.0

well - 1024 is not recomended but rather depreciated by the mentioned blog-site

In the period of 1 January 2011 through 31 December 2013, 1024-bit keys are allowed, but their use is deprecated.

So at least we should use 2048 as "best practice-minimum" - the performance issue mentioned in the blog should not be any problem at all. And if somebody really needs such a weak key should do it on his own wink

Further reading: Mozilla-Wiki, Microsoft-TechNet

60

Re: Wishlist for iRedMail-0.8.0

Thanks for your links, you convinced me of switching to 2048 as default key length, i committed this change moment ago:
http://code.google.com/p/iredmail/sourc … e06d2d9186

It will be the default key length in iRedMail-0.7.1, which is scheduled to be released on May 01.

61

Re: Wishlist for iRedMail-0.8.0

thank you Zhang,

extended proposition: if admin has already set the key-size to be larger than that hard-coded-value it would be nice to accept the admin chosen-size. Maybe some kind of

grep ^default_bits /etc/ssl/openssl.cnf 


if key is less than 2048 use the hard-coded value
if admin already set it to be more-use admin's-preference

62

Re: Wishlist for iRedMail-0.8.0

mike.f wrote:

extended proposition: if admin has already set the key-size to be larger than that hard-coded-value it would be nice to accept the admin chosen-size.

It's a good idea. But i don't want to do it now.

'default_bits' in openssl.cnf is set by OS provider, i prefer to use the system default value since we don't use it in iRedMail related components.

I bet there will be more and more minor improvement requests like this one, such as tuning software X/Y/Z, adjust system config files A/B/C. iRedMail is a standalone bundle, we'd better not to touch files we don't need directly, and leave them to admins.

It's better to create an customized ISO image with these deep tuning/improvements, for example, iRedOS. What do you think? Any interesting? If you can lead this project, i'm in.

63

Re: Wishlist for iRedMail-0.8.0

After installation i always set the defaults to my own needs: so in the above example of "default_bits" my setting is often 4096 - your hardcoded script overrules my system-defaults with weaker key-size sad

As for the improvements and tuning of the system-software i will provide a bit knowledge into the wiki so we can leave it to the admins to decide what they want/need smile

Thanks for the proposition - but for the moment i have to focus on my customer's needs and my timetable is quite full for the next few ... long time big_smile
but i will keep an eye on it wink

I like your idea of iRedOS - but many customers start with a small mailserver on their own, afterwards they want some calendar-sharing ... then it comes to samba-shares ....
So the starting point with ldap gives a nice and fast rollout .... need to work out the points afterwards roll

64

Re: Wishlist for iRedMail-0.8.0

mike.f wrote:

After installation i always set the defaults to my own needs: so in the above example of "default_bits" my setting is often 4096 - your hardcoded script overrules my system-defaults with weaker key-size

Fixed moment ago:
http://code.google.com/p/iredmail/sourc … c586ec71a5

It will check 'default_bits' in openssl.cnf first, if it's greater or equal to 2048, iRedMail will use it. Otherwise, uses 2048.

65 (edited by node 2011-04-26 15:10:56)

Re: Wishlist for iRedMail-0.8.0

GENTOO SUPPORT!!!

Any one have idea how I can run iRedMail on Gentoo!?!!

66

Re: Wishlist for iRedMail-0.8.0

node wrote:

GENTOO SUPPORT!!!

I didn't use Gentoo before, that could be the biggest problem to me. If you can help test it on Gentoo, we can work together to make it happen.

  • How to install packages on Gentoo. Is it possible to install binary packages? Or we have to install them with emerge? You should help decide this, and specify related USE flags.

  • Confirm file locations of related config files. It should be easy after we have packages installed.

These are major steps. It could be easy after we have required packages installed.

67

Re: Wishlist for iRedMail-0.8.0

ZhangHuangbin wrote:
mike.f wrote:

please add ntp to the install-packages

Some users reported that if they ran ntp, dovecot will stop suddenly. So i prefer to leave it to admins.

Dovecot kills itself if the OS time is going backwards by 5 sec. or more.
It can happen if you don't synchronize often enough, or if you're running the OS in a virtual environment as VMware.

If you're on VMware you HAVE to install the VMtools to autocorrect time-drifting on the Virtual Machine.

68

Re: Wishlist for iRedMail-0.8.0

new wiki-article Keep your computer-time in sync for admins wink

69

Re: Wishlist for iRedMail-0.8.0

mike.f wrote:

new wiki-article Keep your computer-time in sync for admins wink

Thanks for your contribution, it's very clear. smile

70

Re: Wishlist for iRedMail-0.8.0

Hi,
looking at your site, nice mail-server.
just a few thinks, i think every one will need, that's if it not their already, if it is, my-bad.

a) can a setup with one domain, say mydomain.com have an alias domain added to it, say mydomain2.com, and all the users of mydomain.com will auto have mydomain2.com as well. eg: i created a user (madmax) under mydomain.com can i send an email to that user from gmail using madmax@mydomain2.com and it get put in is mydoamin.com mail box?

71

Re: Wishlist for iRedMail-0.8.0

fbifido wrote:

a) can a setup with one domain, say mydomain.com have an alias domain added to it, say mydomain2.com, and all the users of mydomain.com will auto have mydomain2.com as well. eg: i created a user (madmax) under mydomain.com can i send an email to that user from gmail using madmax@mydomain2.com and it get put in is mydoamin.com mail box?

Already achieved in iRedMail. You can manage alias domains with PostfixAdmin or iRedAdmin-Pro.

Screenshot of iRedAdmin-Pro:
http://screenshots.iredmail.googlecode.com/hg/iredadmin/domain_profile_alias.png

72

Re: Wishlist for iRedMail-0.8.0

b) Is there a way to block an extension? (but, see b1)

say a zip file or doc.doc files or from a list of band file and send or attach a message saying "the file was remove, please contack your admin ...etc".

b1) have a a part that you can put an email address, so any band file will get send to that email address?
eg: remove.attachment@mydomain.com

b2) all so a list of email band attachments. like .exe .zip .vbs .bat ...etc? and the option to add your own to the list?

73

Re: Wishlist for iRedMail-0.8.0

c) out-of-office message?
can you make it so there is an out of office message option with start & end date of the message, to make it easy for a user to put their own message and date.

d) Is there a way to pop emails from a backup server like Godady?

e) is there a way to send all email from verified user using your isp mail server, that way  you can help stop spam, virus and prevent my ip from been black-listed, its a real pain to get unlisted?

74 (edited by fbifido 2011-04-28 01:00:45)

Re: Wishlist for iRedMail-0.8.0

Nice one ZhangHuangbin.

and thank you.


(sorry for posting reply on this wishlist)

75

Re: Wishlist for iRedMail-0.8.0

fbifido wrote:

b) Is there a way to block an extension? (but, see b1)

It's possible. Reference:
http://www.faqforge.com/linux/controlpa … pconfig-3/

fbifido wrote:

c) out-of-office message?
can you make it so there is an out of office message option with start & end date of the message, to make it easy for a user to put their own message and date.

Users can edit out-of-office message in Roundcube webmail, so you have to ask Roundcube team to achieve this feature.

fbifido wrote:

d) Is there a way to pop emails from a backup server like Godady?

Try fetchmail. It's not a iRedMail question.
http://fetchmail.berlios.de/

fbifido wrote:

e) is there a way to send all email from verified user using your isp mail server, that way  you can help stop spam, virus and prevent my ip from been black-listed, its a real pain to get unlisted?

Do you mean postfix setting "relayhost"? Reference:
http://www.postfix.org/postconf.5.html#relayhost