1 (edited by dong 2010-11-17 19:31:01)

Topic: How to: Installing iRedMail (MySQL virtual users) in FreeBSD Jail

Update: This tutorial may be out of date; please see our wiki for the latest version:
http://www.iredmail.org/wiki/index.php? … eeBSD/Jail

================================================
Chapter 0: Before you start

Our specification
Domain: Mail.example.com
Network Interface (which is connected to internet): em0
Host IP (public IP): 188.256.256.256
Jail IP (private IP): 192.168.1.1
OS: FreeBSD 8.1
Ports tree from: 10-11-2010

What must you know about jails?
Before installing, read the FreeBSD Handbook and the Wikipedia article:
http://www.freebsd.org/doc/handbook/jails.html
http://en.wikipedia.org/wiki/FreeBSD_jail

System requirement
1. pf (firewall) compiled into the kernel. If you don't have pf, add these lines to your kernel configuration:

device pf
options         ALTQ
options         ALTQ_CBQ        # Class Based Queuing (CBQ)
options         ALTQ_RED        # Random Early Detection (RED)
options         ALTQ_RIO        # RED In/Out
options         ALTQ_HFSC       # Hierarchical Packet Scheduler (HFSC)
options         ALTQ_PRIQ       # Priority Queuing (PRIQ)
options         ALTQ_NOPCC      # Required for SMP build

More about kernel configuration, building and installation can be read here: http://www.freebsd.org/doc/handbook/ker … lding.html
2. ezjail installed.
3. A jail environment created; read this tutorial: http://www.cyberciti.biz/faq/howto-setu … ith-ezjail
Don't forget to enter the correct jail IP (192.168.1.1) and the correct hostname (mail.example.com) when creating the jail.


Chapter 1: Setup network

1. We start by configuring the network on the host (not the jail). Edit rc.conf with the command:

ee /etc/rc.conf

2. Add the lines that you don't already have in rc.conf:

# Network Interface settings
ifconfig_em0="inet 188.256.256.256 netmask 255.255.255.0" # Main host - connect to Internet
ifconfig_em0_alias0="inet 192.168.1.1 netmask 255.255.255.255" # Our Jail for iRedMail
ifconfig_em0_alias1="inet 192.168.1.2 netmask 255.255.255.255" # Other jail; delete this line if you have no other jails.
ifconfig_em0_alias2="inet 192.168.1.3 netmask 255.255.255.255" # Another jail; delete this line if you have no other jails.

gateway_enable="YES"

# Enabling services ezjail and pf on system start
ezjail_enable="YES"
pf_enable="YES"
pf_rules="/etc/pf.conf"

The lines:

ifconfig_em0_alias1="inet 192.168.1.2 netmask 255.255.255.255" # Other jail; delete this line if you have no other jails.
ifconfig_em0_alias2="inet 192.168.1.3 netmask 255.255.255.255" # Another jail; delete this line if you have no other jails.

are not needed if you don't have two or three jails. You can comment out or delete these lines.

3. Reboot the machine or enter this command:

ifconfig em0 inet 192.168.1.1 netmask 255.255.255.255 alias

4. Check the settings with the command:

ifconfig

Results:

em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC>
        ether 00:25:90:12:37:a0
        inet 188.256.256.256 netmask 0xffffff00 broadcast 188.256.256.255
        inet 192.168.1.1 netmask 0xffffffff broadcast 192.168.1.1
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
em1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC>
        ether 00:25:90:12:37:a1
        media: Ethernet autoselect
        status: no carrier
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=3<RXCSUM,TXCSUM>
        inet 127.0.0.1 netmask 0xff000000

5. Set up the pf rules. If you don't have an /etc/pf.conf file, create it with the command:

touch /etc/pf.conf

Now edit the pf.conf file:

ee /etc/pf.conf

6. Add these lines to your pf.conf:

# Port forwarding. Uncomment the services you will be using.
rdr pass on em0 proto tcp from any to em0 port 80 -> 192.168.1.1 port 80 # Apache (Roundcube, phpMyAdmin, PostfixAdmin)
rdr pass on em0 proto tcp from any to em0 port 443 -> 192.168.1.1 port 443 # Apache SSL (Roundcube, phpMyAdmin, PostfixAdmin)
rdr pass on em0 proto tcp from any to em0 port 25 -> 192.168.1.1 port 25 # SMTP
rdr pass on em0 proto tcp from any to em0 port 587 -> 192.168.1.1 port 587 # SMTP SSL, Submission
rdr pass on em0 proto tcp from any to em0 port 110 -> 192.168.1.1 port 110 # POP3
rdr pass on em0 proto tcp from any to em0 port 995 -> 192.168.1.1 port 995 # POP3 SSL
# rdr pass on em0 proto tcp from any to em0 port 143 -> 192.168.1.1 port 143 # IMAP
# rdr pass on em0 proto tcp from any to em0 port 993 -> 192.168.1.1 port 993 # IMAP SSL

# NAT
nat on em0 from 192.168.1.0/24 to any -> 188.256.256.256

7. Start/restart pf with the command:

/etc/rc.d/pf restart

8. Edit the jail's rc.conf file with the command:

ee /path/to/your/jail/etc/rc.conf

The path to your jail is the one you set when installing the jail with ezjail.

9. Make these changes in the jail's rc.conf file:

# Network settings
defaultrouter="188.256.256.256"
early_late_divider="NETWORKING"
ifconfig_em0="inet 192.168.1.1 netmask 255.255.255.255 alias"
hostname="mail.example.com"

10. Restart the iRedMail jail with the command:

/usr/local/etc/rc.d/ezjail restart mail.example.com

11. Test the network connection. As a first step you must connect to the jail. List the jails installed on your machine with the command:

jls

Results:

JID  IP Address      Hostname                      Path
     2  192.168.1.1     mail.example.com         /home/jails/mail.example.com
     3  192.168.1.3     dupa.com           /home/jails/dupa.com
     6  192.168.1.2     duza-dupa.com                /home/jails/duza-dupa.com

The iRedMail jail has JID 2, so we run the command:

jexec 2 csh

12. Test the connection from the jail by pinging the host FreeBSD.org and the IP address of this host (in case DNS isn't working) with the commands:

ping 69.147.83.40

Results:

PING 69.147.83.40 (69.147.83.40): 56 data bytes
64 bytes from 69.147.83.40: icmp_seq=0 ttl=54 time=151.446 ms
64 bytes from 69.147.83.40: icmp_seq=1 ttl=54 time=148.320 ms
64 bytes from 69.147.83.40: icmp_seq=2 ttl=54 time=148.181 ms

--- 69.147.83.40 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 148.181/149.316/151.446/1.507 ms

The network is working. Now we check our DNS with the command:

ping freebsd.org

Results:

PING freebsd.org (69.147.83.40): 56 data bytes
64 bytes from 69.147.83.40: icmp_seq=0 ttl=54 time=150.721 ms
64 bytes from 69.147.83.40: icmp_seq=1 ttl=54 time=149.631 ms
64 bytes from 69.147.83.40: icmp_seq=2 ttl=54 time=152.862 ms

--- freebsd.org ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 149.631/151.071/152.862/1.342 ms

Everything is working. Now we leave the jail with the command:

exit

Results:

mail# exit
exit
#

If everything is okay you can go to the next chapter; if not, set up your network correctly first.


Chapter 2: Installing iRedMail in jail.

1. List the jails and enter the correct one with the commands:

jls

Results:

JID  IP Address      Hostname                      Path
     2  192.168.1.1     mail.example.com         /home/jails/mail.example.com
     3  192.168.1.3     dupa.com           /home/jails/dupa.com
     6  192.168.1.2     duza-dupa.com                /home/jails/duza-dupa.com

The iRedMail jail has JID 2, so we run the command:

jexec 2 csh

Result:

mail#

2. Install the bash shell with the command:

cd /usr/ports/shells/bash && make install clean

Run bash with the command:

/usr/local/bin/bash

3. Download and unpack iRedMail (use the link to the current stable version) with the command:

cd /root && fetch http://iredmail.googlecode.com/files/iRedMail-0.6.1.tar.bz2 && tar xjvf iRedMail-0.6.1.tar.bz2

4. Start the installation script with the command:

cd iRedMail-0.6.1/pkgs/ && bash get_all.sh && cd .. && bash iRedMail.sh

5. Configure and install iRedMail following the tutorial: http://code.google.com/p/iredmail/wiki/ … on_FreeBSD

I had some errors when compiling postfix26 on FreeBSD 8.1:

[src/util]
cc -DDEF_CONFIG_DIR=\"/usr/local/etc/postfix\" -DDEF_DAEMON_DIR=\"/usr/local/libexec/postfix\" -DDEF_COMMAND_DIR=\"/usr/local/sbin\" -DDEF_SENDMAIL_PATH=\"/usr/local/sbin/sendmail\" -DDEF_NEWALIAS_PATH=\"/usr/local/bin/newaliases\" -DDEF_MAILQ_PATH=\"/usr/local/bin/mailq\" -DDEF_MANPAGE_DIR=\"/usr/local/man\" -DDEF_README_DIR=\"/usr/local/share/doc/postfix\" -DDEF_HTML_DIR=\"/usr/local/share/doc/postfix\" -DDEF_QUEUE_DIR=\"/var/spool/postfix\" -DDEF_DATA_DIR=\"/var/db/postfix\" -DDEF_MAIL_OWNER=\"postfix\" -DDEF_SGID_GROUP=\"maildrop\" -DHAS_PCRE -I/usr/local/include -DUSE_SASL_AUTH -DDEF_SERVER_SASL_TYPE=\"dovecot\" -DUSE_TLS -I/usr/include -I/usr/local/include/db46 -DHAS_MYSQL -I/usr/local/include/mysql -DHAS_LDAP -I/usr/local/include -DHAS_CDB -I/usr/local/include NO -O2 -fno-strict-aliasing -pipe -DLDAP_DEPRECATED -I. -DFREEBSD8 -c alldig.c
cc: NO: No such file or directory
*** Error code 1

Stop in /var/ports/basejail/usr/ports/mail/postfix26/work/postfix-2.6.7/src/util.
*** Error code 1

Stop in /var/ports/basejail/usr/ports/mail/postfix26/work/postfix-2.6.7.
*** Error code 1

Stop in /basejail/usr/ports/mail/postfix26.
*** Error code 1

Stop in /basejail/usr/ports/mail/postfix26.

But it's easy to fix; run the command:

cd /usr/ports/mail/postfix26 && make clean && make install clean
- ===>  Installing for postfix-2.6.7,1
===>   postfix-2.6.7,1 depends on executable: dovecot - found
===>   postfix-2.6.7,1 depends on shared library: pcre.0 - found
===>   postfix-2.6.7,1 depends on shared library: ldap-2.4.7 - found
===>   postfix-2.6.7,1 depends on shared library: mysqlclient.15 - found
===>   postfix-2.6.7,1 depends on shared library: db-4.6.0 - found
===>   Generating temporary packing list
===>  Checking if mail/postfix26 already installed
Added group "postfix".
Added group "maildrop".
Added user "postfix".
You need user "postfix" added to group "mail".
Would you like me to add it [y]?

Press the "y" key and wait for the next question:

- install  -o root -g wheel -m 555 /var/ports/basejail/usr/ports/mail/postfix26/work/postfix-2.6.7/auxiliary/rmail/rmail /usr/local/bin/rmail
install  -o root -g wheel -m 555 /var/ports/basejail/usr/ports/mail/postfix26/work/postfix-2.6.7/auxiliary/qshape/qshape.pl /usr/local/bin/qshape
install  -o root -g wheel -m 444 /var/ports/basejail/usr/ports/mail/postfix26/work/postfix-2.6.7/man/man1/qshape.1 /usr/local/man/man1
Would you like to activate Postfix in /etc/mail/mailer.conf [n]?

Press the "y" key and wait for the postfix installation to finish. The next step is to edit the .iRedMail.installation.status file with the command:

ee /root/iRedMail-0.6.1/.iRedMail.installation.status

Add the line below at the end of the file:

export status_install_port_mailpostfix26='DONE'

Start installation script again:

bash /root/iRedMail-0.6.1/iRedMail.sh

6. When the installation is finished, don't start postfix:

*************************************************************************
* iRedMail-0.6.1 installation and configuration complete.
*************************************************************************

< Question > Would you like to start postfix now? [y|N]

Press the "n" key.

7. Edit the apache22/Includes/phpmyadmin.conf file with the command:

ee /usr/local/etc/apache22/Includes/phpmyadmin.conf

Uncomment the lines:

Alias /phpmyadmin "/usr/local/www/phpMyAdmin"
Alias /mysql "/usr/local/www/phpMyAdmin"

8. Start apache22 and mysql-server with the commands:

/usr/local/etc/rc.d/apache22 start
/usr/local/etc/rc.d/mysql-server start

9. Open phpMyAdmin in a web browser at the URL http://mail.example.com/mysql and log in.

10. Go to MySQL Permissions (I don't have the English version, so I don't know what it's called) and add IP 192.168.1.1 to user 'vmail'.

11. Edit the Postfix master.cf file with the command:

ee /usr/local/etc/postfix/master.cf

Change one line to the jail IP:

   -o mynetworks=192.168.1.1

12. Edit amavisd.conf with the command:

ee /usr/local/etc/amavisd.conf

Add this line:

@inet_acl = qw( 192.168.1.1 );

13. If you want to use awstats, edit awstats.conf:

ee /usr/local/etc/apache22/Includes/awstats.conf

You must make some changes (the installation script has errors) in the first lines:

#
# File generated by iRedMail (2010.11.09.12.00.01):
#
# Version:  0.6.1
# Project:  http://www.iredmail.org/
#
# Community: http://www.iredmail.org/forum/
#

# Note: Please refer to /usr/local/etc/apache22/extra/httpd-ssl.conf for SSL/TLS setting.

Alias /awstatsicons /usr/local/www/awstats/icons/
Alias /css /usr/local/www/awstats/css/
Alias /js /usr/local/www/awstats/js/
ScriptAlias /awstats /usr/local/www/awstats/cgi-bin/awstats.pl
<Directory /usr/local/www/awstats/cgi-bin/>
    DirectoryIndex awstats.pl
    Options ExecCGI
    order deny,allow
    allow from all
    #allow from 127.0.0.1

    AuthName "Authorization Required"
    AuthType Basic

Now open http://mail.example.com/awstats in a web browser; it should be working.


Chapter 3: Moving iRedMail to jail.

First install iRedMail as in Chapters 1 and 2. Next step: update only what you need.

What must you update?
1. Copy the old vmail dir to the new vmail dir in the jail.
2. Check the permissions in the vmail dir (/var/vmail for me):

ls -l /var/vmail/
total 4
drwx------   4 vmail  vmail  512 Nov 12 22:18 sieve
drwx------  10 vmail  vmail  512 Nov  9 16:06 vmail1

If the owner is not vmail:vmail, set it with the command:

# chown -R vmail:vmail /var/vmail

3. Export the tables of the vmail database from the old MySQL and import them into the new one. If you are changing the vmail dir, run this command in phpMyAdmin:

UPDATE mailbox SET storagebasedirectory='/var/vmail' WHERE storagebasedirectory='/home/vmail';

/var/vmail - my new vmail dir
/home/vmail - my old vmail dir


Disclaimer

Please don't publish this article on pages other than iredmail without my agreement :) This is a beta version of the tutorial; if you find errors, please report them on the forum or edit the wiki.
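
Added example (not part of the original post): a small POSIX sh check for the pf.conf from Chapter 1, step 6, listing which public TCP ports are actually forwarded to the jail at 192.168.1.1 and which of those belong to protocols that are unencrypted by default. The function names and the embedded sample rules are constructed for this illustration.

```sh
#!/bin/sh
# Added example. On the host: forwarded_ports 192.168.1.1 < /etc/pf.conf

# Constructed sample: the rdr/nat rules from step 6 (IMAP rules commented out).
sample_pf_conf() {
cat <<'EOF'
rdr pass on em0 proto tcp from any to em0 port 80 -> 192.168.1.1 port 80 # Apache
rdr pass on em0 proto tcp from any to em0 port 443 -> 192.168.1.1 port 443 # Apache SSL
rdr pass on em0 proto tcp from any to em0 port 25 -> 192.168.1.1 port 25 # SMTP
rdr pass on em0 proto tcp from any to em0 port 587 -> 192.168.1.1 port 587 # Submission
rdr pass on em0 proto tcp from any to em0 port 110 -> 192.168.1.1 port 110 # POP3
rdr pass on em0 proto tcp from any to em0 port 995 -> 192.168.1.1 port 995 # POP3 SSL
# rdr pass on em0 proto tcp from any to em0 port 143 -> 192.168.1.1 port 143 # IMAP
# rdr pass on em0 proto tcp from any to em0 port 993 -> 192.168.1.1 port 993 # IMAP SSL
nat on em0 from 192.168.1.0/24 to any -> 188.256.256.256
EOF
}

# forwarded_ports JAIL_IP: read pf.conf on stdin and print the public port of
# every active rdr rule whose target is the literal address JAIL_IP, sorted.
forwarded_ports() {
    awk -v jail="$1" '
        /^[ \t]*#/  { next }                   # commented-out rule
        $1 != "rdr" { next }                   # nat, filter rules, macros
        {
            ext = ""; target = ""; seen_arrow = 0
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^#/) break           # trailing comment starts here
                if ($i == "->") { seen_arrow = 1; target = $(i + 1) }
                if ($i == "port" && !seen_arrow) ext = $(i + 1)
            }
            if (target == jail && ext != "") print ext
        }' | sort -n
}

# cleartext_ports: keep only the ports whose protocol is unencrypted by
# default (HTTP 80, POP3 110, IMAP 143), so logins there need a closer look.
cleartext_ports() {
    grep -E '^(80|110|143)$' || true
}

echo "Forwarded to jail: $(sample_pf_conf | forwarded_ports 192.168.1.1 | tr '\n' ' ')"
echo "Unencrypted by default: $(sample_pf_conf | forwarded_ports 192.168.1.1 | cleartext_ports | tr '\n' ' ')"
```

Comparing this list with the sockets listening inside the jail (for example with sockstat -4 -l after jexec) shows whether every forwarded port has a service behind it and whether any service is exposed that you did not intend.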

2

Re: How to: Installing iRedMail (MySQL virtual users) in FreeBSD Jail

Good work! Thank you!