Install/iRedMail/FreeBSD/Jail
From iRedMail
Revision as of 00:22, 3 December 2010
Disclaimer
Please don't publish this article on pages other than iRedMail without my agreement :) It's a beta version of the tutorial; if You find errors, please write about them on the forum or edit the wiki.
Chapter 0: Before You start
Our specification
- Domain: Mail.example.com
- Network Interface (which is connected to internet): em0
- Host IP (public IP): 188.256.256.256
- Jail IP (private IP): 192.168.1.1
- OS: FreeBSD 8.1
- Ports tree from: 10-11-2010
What You must know about jail
Please read the FreeBSD Handbook and wiki before we go further, and make sure You understand what a jail is and what it's used for.
System requirements
- pf (firewall) compiled into the kernel. If You don't have pf, add these lines to Your kernel configuration:
| File: |
device pf
options ALTQ
options ALTQ_CBQ # Class Based Queuing (CBQ)
options ALTQ_RED # Random Early Detection (RED)
options ALTQ_RIO # RED In/Out
options ALTQ_HFSC # Hierarchical Packet Scheduler (HFSC)
options ALTQ_PRIQ # Priority Queuing (PRIQ)
options ALTQ_NOPCC # Required for SMP build
|
More about kernel configuration, building and installation can be read here: http://www.freebsd.org/doc/handbook/kernelconfig-building.html
- ezjail installed.
- A jail environment created; read this tutorial: http://www.cyberciti.biz/faq/howto-setup-freebsd-jail-with-ezjail
Don't forget to enter the correct jail IP (192.168.1.1) and the correct hostname (mail.example.com) when creating the jail.
Chapter 1: Setup network
1. We start with the network settings on the host (not the jail). Edit rc.conf with the command:
| Terminal: |
# ee /etc/rc.conf |
2. Add the lines which You don't have in rc.conf:
| File: rc.conf |
# Network Interface settings
ifconfig_em0="inet 188.256.256.256 netmask 255.255.255.0" # Main host - connected to the Internet
ifconfig_em0_alias0="inet 192.168.1.1 netmask 255.255.255.255" # Our jail for iRedMail
ifconfig_em0_alias1="inet 192.168.1.2 netmask 255.255.255.255" # Other jail; delete this line if You don't use more jails.
ifconfig_em0_alias2="inet 192.168.1.3 netmask 255.255.255.255" # Another jail; delete this line if You don't use more jails.
gateway_enable="YES"
# Enabling services ezjail and pf on system start
ezjail_enable="YES"
pf_enable="YES"
pf_rules="/etc/pf.conf"
|
The lines:
| File: |
ifconfig_em0_alias1="inet 192.168.1.2 netmask 255.255.255.255" # Other jail; delete this line if You don't use more jails.
ifconfig_em0_alias2="inet 192.168.1.3 netmask 255.255.255.255" # Another jail; delete this line if You don't use more jails.
|
are not needed if You don't have two or three jails. You can comment out or delete these lines.
3. Reboot the machine or enter this command:
| Terminal: |
# ifconfig em0 inet 192.168.1.1 netmask 255.255.255.255 alias |
4. Check the settings with the command:
| Terminal: |
# ifconfig
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC>
ether 00:25:90:12:37:a0
inet 188.256.256.256 netmask 0xffffff00 broadcast 188.256.256.255
inet 192.168.1.1 netmask 0xffffffff broadcast 192.168.1.1
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
em1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC>
ether 00:25:90:12:37:a1
media: Ethernet autoselect
status: no carrier
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=3<RXCSUM,TXCSUM>
inet 127.0.0.1 netmask 0xff000000
|
5. Set up the pf rules. If You don't have an /etc/pf.conf file, create it with the command:
| Terminal: |
# touch /etc/pf.conf |
Now edit the pf.conf file:
| Terminal: |
ee /etc/pf.conf |
6. Add these lines to Your pf.conf:
| File: pf.conf |
# Port forwarding. Uncomment the services which You will be using.
rdr pass on em0 proto tcp from any to em0 port 80 -> 192.168.1.1 port 80 # Apache (Roundcube, phpMyAdmin, PostfixAdmin)
rdr pass on em0 proto tcp from any to em0 port 443 -> 192.168.1.1 port 443 # Apache SSL (Roundcube, phpMyAdmin, PostfixAdmin)
rdr pass on em0 proto tcp from any to em0 port 25 -> 192.168.1.1 port 25 # SMTP
rdr pass on em0 proto tcp from any to em0 port 587 -> 192.168.1.1 port 587 # SMTP SSL, Submission
rdr pass on em0 proto tcp from any to em0 port 110 -> 192.168.1.1 port 110 # POP3
rdr pass on em0 proto tcp from any to em0 port 995 -> 192.168.1.1 port 995 # POP3 SSL
# rdr pass on em0 proto tcp from any to em0 port 143 -> 192.168.1.1 port 143 # IMAP
# rdr pass on em0 proto tcp from any to em0 port 993 -> 192.168.1.1 port 993 # IMAP SSL
# NAT
nat on em0 from 192.168.1.0/24 to any -> 188.256.256.256
|
7. Start/restart pf with the command:
| Terminal: |
/etc/rc.d/pf restart |
8. Edit the jail's rc.conf file with the command:
| Terminal: |
ee /path/to/your/jail/etc/rc.conf |
The path to Your jail is the one You entered when installing the jail with ezjail.
9. You must make some changes in the jail's rc.conf file:
| File: rc.conf |
# Network settings
defaultrouter="188.256.256.256"
early_late_divider="NETWORKING"
ifconfig_em0="inet 192.168.1.1 netmask 255.255.255.255 alias"
hostname="mail.example.com"
|
10. Restart the iRedMail jail with the command:
| Terminal: |
/usr/local/etc/rc.d/ezjail restart mail.example.com |
11. Test the network connection. First You must connect to the jail. List the jails installed on Your machine with the command:
| Terminal: |
# jls
JID IP Address Hostname Path
2 192.168.1.1 mail.example.com /home/jails/mail.example.com
3 192.168.1.3 dupa.com /home/jails/dupa.com
6 192.168.1.2 duza-dupa.com /home/jails/duza-dupa.com
|
The iRedMail jail has JID 2, so we run the command:
| Terminal: |
# jexec 2 csh |
12. Test the connection from the jail by pinging the host FreeBSD.org and the IP address of this host (in case DNS is not working) with the commands:
| Terminal: |
# ping 69.147.83.40 |
Results:
| Terminal: |
PING 69.147.83.40 (69.147.83.40): 56 data bytes
64 bytes from 69.147.83.40: icmp_seq=0 ttl=54 time=151.446 ms
64 bytes from 69.147.83.40: icmp_seq=1 ttl=54 time=148.320 ms
64 bytes from 69.147.83.40: icmp_seq=2 ttl=54 time=148.181 ms
--- 69.147.83.40 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 148.181/149.316/151.446/1.507 ms
|
The network is working. Now we check our DNS with the command:
| Terminal: |
ping freebsd.org |
Results:
| Terminal: |
PING freebsd.org (69.147.83.40): 56 data bytes
64 bytes from 69.147.83.40: icmp_seq=0 ttl=54 time=150.721 ms
64 bytes from 69.147.83.40: icmp_seq=1 ttl=54 time=149.631 ms
64 bytes from 69.147.83.40: icmp_seq=2 ttl=54 time=152.862 ms
--- freebsd.org ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 149.631/151.071/152.862/1.342 ms
|
Everything is working. Now we leave the jail with the command:
| Terminal: |
exit
mail# exit
exit
#
|
If all is okay, You can go to the next chapter; if not, set up Your network correctly first.
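The `rdr pass` rules from step 6 hand matching packets straight to the jail without consulting any filter rules, so the redirect list is the whole network exposure of the mail jail. The script below is an added example (not part of the original tutorial) that lists each active redirect and marks the unencrypted services; the function names and the choice of 80, 110 and 143 as cleartext ports are assumptions of this example.

```sh
#!/bin/sh
# Added example, not part of the original tutorial.
# Audits pf.conf redirect rules: which ports reach the jail, whether the rule
# uses "rdr pass" (no filter rules are consulted), and whether the service is
# one of the unencrypted ones.

# Assumption: ports the tutorial's comments describe without SSL (HTTP, POP3, IMAP).
CLEARTEXT_PORTS="80 110 143"

# Constructed sample: the rules from step 6, with the tutorial's placeholder addresses.
sample_pf_conf() {
    cat <<'EOF'
# Ports forwarding. Uncomment services which You will be using.
rdr pass on em0 proto tcp from any to em0 port 80 -> 192.168.1.1 port 80 # Apache
rdr pass on em0 proto tcp from any to em0 port 443 -> 192.168.1.1 port 443 # Apache SSL
rdr pass on em0 proto tcp from any to em0 port 25 -> 192.168.1.1 port 25 # SMTP
rdr pass on em0 proto tcp from any to em0 port 587 -> 192.168.1.1 port 587 # Submission
rdr pass on em0 proto tcp from any to em0 port 110 -> 192.168.1.1 port 110 # POP3
rdr pass on em0 proto tcp from any to em0 port 995 -> 192.168.1.1 port 995 # POP3 SSL
# rdr pass on em0 proto tcp from any to em0 port 143 -> 192.168.1.1 port 143 # IMAP
# rdr pass on em0 proto tcp from any to em0 port 993 -> 192.168.1.1 port 993 # IMAP SSL
# NAT
nat on em0 from 192.168.1.0/24 to any -> 188.256.256.256
EOF
}

# audit_rdr: reads pf.conf text on stdin and prints, per active rdr rule:
#   <external port> <target ip>:<target port> <pass|filtered> <cleartext|other>
audit_rdr() {
    awk -v clear="$CLEARTEXT_PORTS" '
    BEGIN { n = split(clear, c, " "); for (i = 1; i <= n; i++) is_clear[c[i]] = 1 }
    {
        sub(/#.*/, "")                  # strip comments and commented-out rules
        if ($1 != "rdr") next
        mode = ($2 == "pass") ? "pass" : "filtered"
        ext = ""; tgt = ""; tport = ""
        for (i = 2; i <= NF; i++) {
            if ($i == "->") {           # everything after -> is the redirect target
                tgt = $(i + 1)
                if ($(i + 2) == "port") tport = $(i + 3)
                break
            }
            if ($i == "port") ext = $(i + 1)
        }
        if (tport == "") tport = ext    # pf keeps the port when the target names none
        kind = (ext in is_clear) ? "cleartext" : "other"
        printf "%s %s:%s %s %s\n", ext, tgt, tport, mode, kind
    }'
}

# exposed_cleartext: external ports that are both forwarded and unencrypted.
exposed_cleartext() {
    audit_rdr | awk '$4 == "cleartext" { printf "%s%s", sep, $1; sep = " " } END { print "" }'
}

sample_pf_conf | audit_rdr
echo "cleartext ports exposed: $(sample_pf_conf | exposed_cleartext)"
```

On a real host, feed it the live file with `audit_rdr < /etc/pf.conf`; every line marked `pass cleartext` is a login-carrying service reachable from any source address.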
Chapter 2: Installing iRedMail in jail
1. List the jails and enter the correct one with the commands:
| Terminal: |
# jls
JID IP Address Hostname Path
2 192.168.1.1 mail.example.com /home/jails/mail.example.com
3 192.168.1.3 dupa.com /home/jails/dupa.com
6 192.168.1.2 duza-dupa.com /home/jails/duza-dupa.com
|
The iRedMail jail has JID 2, so we run the command:
| Terminal: |
# jexec 2 csh
mail#
|
2. Install the bash shell with the command:
| Terminal: |
# cd /usr/ports/shells/bash && make install clean |
Run bash with the command:
| Terminal: |
# /usr/local/bin/bash |
3. Download and unpack iRedMail (use the link to the current stable version) with the commands:
| Terminal: |
# cd /root
# fetch http://iredmail.googlecode.com/files/iRedMail-0.6.1.tar.bz2
# tar xjvf iRedMail-0.6.1.tar.bz2
|
4. Start the installation script with the commands:
| Terminal: |
# cd iRedMail-0.6.1/pkgs/
# bash get_all.sh
# cd ..
# bash iRedMail.sh
|
5. Configure and install iRedMail following the tutorial: http://code.google.com/p/iredmail/wiki/Installation_on_FreeBSD
I had some errors when compiling postfix26 on FreeBSD 8.1:
| Terminal: |
[src/util]
cc -DDEF_CONFIG_DIR=\"/usr/local/etc/postfix\" -DDEF_DAEMON_DIR=\"/usr/local/libexec/postfix\" -DDEF_COMMAND_DIR=\"/usr/local/sbin\" -DDEF_SENDMAIL_PATH=\"/usr/local/sbin/sendmail\" -DDEF_NEWALIAS_PATH=\"/usr/local/bin/newaliases\" -DDEF_MAILQ_PATH=\"/usr/local/bin/mailq\" -DDEF_MANPAGE_DIR=\"/usr/local/man\" -DDEF_README_DIR=\"/usr/local/share/doc/postfix\" -DDEF_HTML_DIR=\"/usr/local/share/doc/postfix\" -DDEF_QUEUE_DIR=\"/var/spool/postfix\" -DDEF_DATA_DIR=\"/var/db/postfix\" -DDEF_MAIL_OWNER=\"postfix\" -DDEF_SGID_GROUP=\"maildrop\" -DHAS_PCRE -I/usr/local/include -DUSE_SASL_AUTH -DDEF_SERVER_SASL_TYPE=\"dovecot\" -DUSE_TLS -I/usr/include -I/usr/local/include/db46 -DHAS_MYSQL -I/usr/local/include/mysql -DHAS_LDAP -I/usr/local/include -DHAS_CDB -I/usr/local/include NO -O2 -fno-strict-aliasing -pipe -DLDAP_DEPRECATED -I. -DFREEBSD8 -c alldig.c
cc: NO: No such file or directory
*** Error code 1
Stop in /var/ports/basejail/usr/ports/mail/postfix26/work/postfix-2.6.7/src/util.
*** Error code 1
Stop in /var/ports/basejail/usr/ports/mail/postfix26/work/postfix-2.6.7.
*** Error code 1
Stop in /basejail/usr/ports/mail/postfix26.
*** Error code 1
Stop in /basejail/usr/ports/mail/postfix26.
|
But it's easy to fix; run the command:
| Terminal: |
# cd /usr/ports/mail/postfix26 && make clean && make install clean
-
===> Installing for postfix-2.6.7,1
===> postfix-2.6.7,1 depends on executable: dovecot - found
===> postfix-2.6.7,1 depends on shared library: pcre.0 - found
===> postfix-2.6.7,1 depends on shared library: ldap-2.4.7 - found
===> postfix-2.6.7,1 depends on shared library: mysqlclient.15 - found
===> postfix-2.6.7,1 depends on shared library: db-4.6.0 - found
===> Generating temporary packing list
===> Checking if mail/postfix26 already installed
Added group "postfix".
Added group "maildrop".
Added user "postfix".
You need user "postfix" added to group "mail".
Would you like me to add it [y]?
|
Press the "y" key and wait for the next question:
| Terminal: |
-
install -o root -g wheel -m 555 /var/ports/basejail/usr/ports/mail/postfix26/work/postfix-2.6.7/auxiliary/rmail/rmail /usr/local/bin/rmail
install -o root -g wheel -m 555 /var/ports/basejail/usr/ports/mail/postfix26/work/postfix-2.6.7/auxiliary/qshape/qshape.pl /usr/local/bin/qshape
install -o root -g wheel -m 444 /var/ports/basejail/usr/ports/mail/postfix26/work/postfix-2.6.7/man/man1/qshape.1 /usr/local/man/man1
Would you like to activate Postfix in /etc/mail/mailer.conf [n]?
|
Press the "y" key and wait for the postfix installation to finish. The next step is to edit the .iRedMail.installation.status file with the command:
| Terminal: |
ee /root/iRedMail-0.6.1/.iRedMail.installation.status |
Add the line below at the end of the file:
| File: .iRedMail.installation.status |
export status_install_port_mailpostfix26='DONE' |
Start the installation script again:
| Terminal: |
bash /root/iRedMail-0.6.1/iRedMail.sh |
6. When the installation is finished, don't start postfix:
| Terminal: |
*************************************************************************
* iRedMail-0.6.1 installation and configuration complete.
*************************************************************************
< Question > Would you like to start postfix now? [y|N]
|
Press the "n" key.
7. Edit the apache22/Includes/phpmyadmin.conf file with the command:
| Terminal: |
# ee /usr/local/etc/apache22/Includes/phpmyadmin.conf |
Uncomment the lines:
| File: phpmyadmin.conf |
Alias /phpmyadmin "/usr/local/www/phpMyAdmin"
Alias /mysql "/usr/local/www/phpMyAdmin"
|
8. Start apache22 and mysql-server with the commands:
| Terminal: |
# /usr/local/etc/rc.d/apache22 start
# /usr/local/etc/rc.d/mysql-server start
|
9. Open phpMyAdmin in a web browser at the URL http://mail.example.com/mysql and log in.
10. Go to MySQL Permissions (I don't have the English version, so I don't know what it is called) and add IP 192.168.1.1 to user 'vmail'.
11. Edit the postfix26/master.cf file with the command:
| Terminal: |
# ee /usr/local/etc/postfix26/master.cf |
Change one line to the jail IP:
| File: master.cf |
-o mynetworks=192.168.1.1 |
12. Edit amavisd.conf with the command:
| Terminal: |
# ee /usr/local/etc/amavisd.conf |
Add this line:
| File: amavisd.conf |
@inet_acl = qw( 192.168.1.1 ); |
13. If You want to use awstats, edit awstats.conf:
| Terminal: |
# ee /usr/local/etc/apache22/Includes/awstats.conf |
You must make some changes (the installation script has errors) in the first lines:
| File: awstats.conf |
# Note: Please refer to /usr/local/etc/apache22/extra/httpd-ssl.conf for SSL/TLS setting.
Alias /awstatsicons /usr/local/www/awstats/icons/
Alias /css /usr/local/www/awstats/css/
Alias /js /usr/local/www/awstats/js/
ScriptAlias /awstats /usr/local/www/awstats/cgi-bin/awstats.pl
<Directory /usr/local/www/awstats/cgi-bin/>
DirectoryIndex awstats.pl
Options ExecCGI
order deny,allow
allow from all
#allow from 127.0.0.1
AuthName "Authorization Required"
AuthType Basic
|
Now open http://mail.example.com/awstats in a web browser; it should work.
Chapter 3: Moving iRedMail to jail
First install iRedMail as described in Chapters 1 and 2. The next step is to update only what You need.
What must You update?
- Copy the old vmail dir to the new vmail dir in the jail
- Check the permissions in the vmail dir (/var/mail for me)
| Terminal: |
# ls -l /var/vmail/
total 4
drwx------ 4 vmail vmail 512 Nov 12 22:18 sieve
drwx------ 10 vmail vmail 512 Nov 9 16:06 vmail1
|
If the owner is not vmail:vmail, set it with the command:
| Terminal: |
# chown -R vmail:vmail /var/vmail |
- Export the tables of the vmail database from the older MySQL and import them into the newer one. If You are changing the vmail dir, run this command in phpMyAdmin:
- /var/vmail - my new vmail dir
- /home/vmail - my old vmail dir
| Terminal: |
mysql> UPDATE mailbox SET storagebasedirectory='/var/vmail' WHERE storagebasedirectory='/home/vmail'; |
