Install/iRedMail/FreeBSD/Jail

Latest revision as of 17:23, 2 December 2010

Disclaimer

Please don't publish this article on pages other than iRedMail's without my agreement :) It's a beta version of the tutorial; if you find errors, please write about them on the forum or edit the wiki.

Chapter 0: Before You start

Our specification

  • Domain: mail.example.com
  • Network Interface (which is connected to internet): em0
  • Host IP (public IP): 188.256.256.256
  • Jail IP (private IP): 192.168.1.1
  • OS: FreeBSD 8.1
  • Ports tree from: 10-11-2010

What You must know about jail

Please read FreeBSD handbook and wiki before we go further, make sure you understand what Jail is and what it's used for.

System requirements

  • pf (firewall) compiled into the kernel. If you don't have pf, add these lines to your kernel configuration:
File:
device pf
options         ALTQ
options         ALTQ_CBQ        # Class Bases Queuing (CBQ)
options         ALTQ_RED        # Random Early Detection (RED)
options         ALTQ_RIO        # RED In/Out
options         ALTQ_HFSC       # Hierarchical Packet Scheduler (HFSC)
options         ALTQ_PRIQ       # Priority Queuing (PRIQ)
options         ALTQ_NOPCC      # Required for SMP build

You can read more about kernel configuration, building and installation here: http://www.freebsd.org/doc/handbook/kernelconfig-building.html

Don't forget to enter the correct jail IP (192.168.1.1) and the correct hostname (mail.example.com) when creating the jail.

Chapter 1: Setup network

1. We start with the network settings on the host (not the jail). Edit rc.conf with the command:

Terminal:
# ee /etc/rc.conf

2. Add the lines that are missing from your rc.conf:

File: rc.conf
# Network Interface settings
ifconfig_em0="inet 188.256.256.256 netmask 255.255.255.0" # Main host - connect to Internet
ifconfig_em0_alias0="inet 192.168.1.1 netmask 255.255.255.255" # Our Jail for iRedMail
ifconfig_em0_alias1="inet 192.168.1.2 netmask 255.255.255.255" # Other jail; delete this line if you don't run more jails.
ifconfig_em0_alias2="inet 192.168.1.3 netmask 255.255.255.255" # Another jail; delete this line if you don't run more jails.

gateway_enable="YES"

# Enabling services ezjail and pf on system start
ezjail_enable="YES"
pf_enable="YES"
pf_rules="/etc/pf.conf"

The lines:

File:
ifconfig_em0_alias1="inet 192.168.1.2 netmask 255.255.255.255" # Other jail; delete this line if you don't run more jails.
ifconfig_em0_alias2="inet 192.168.1.3 netmask 255.255.255.255" # Another jail; delete this line if you don't run more jails.

are not needed if you don't have two or three jails. You can comment out or delete these lines.

3. Reboot the machine or enter this command:

Terminal:
# ifconfig em0 inet 192.168.1.1 netmask 255.255.255.255 alias

4. Check settings with command:

Terminal:
# ifconfig

em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC>
        ether 00:25:90:12:37:a0
        inet 188.256.256.256 netmask 0xffffff00 broadcast 188.256.256.255
        inet 192.168.1.1 netmask 0xffffffff broadcast 192.168.1.1
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
em1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC>
        ether 00:25:90:12:37:a1
        media: Ethernet autoselect
        status: no carrier
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=3<RXCSUM,TXCSUM>
        inet 127.0.0.1 netmask 0xff000000

5. Set up the pf rules. If you don't have an /etc/pf.conf file, create it with the command:

Terminal:
# touch /etc/pf.conf

And now edit pf.conf file:

Terminal:
# ee /etc/pf.conf

6. Add these lines to your pf.conf:

File: pf.conf
# Port forwarding. Uncomment the services you will be using.
# Note: "rdr pass" lets matching packets through without evaluating filter rules.
rdr pass on em0 proto tcp from any to em0 port 80 -> 192.168.1.1 port 80 # Apache (Roundcube, phpMyAdmin, PostfixAdmin)
rdr pass on em0 proto tcp from any to em0 port 443 -> 192.168.1.1 port 443 # Apache SSL (Roundcube, phpMyAdmin, PostfixAdmin)
rdr pass on em0 proto tcp from any to em0 port 25 -> 192.168.1.1 port 25 # SMTP
rdr pass on em0 proto tcp from any to em0 port 587 -> 192.168.1.1 port 587 # SMTP SSL, Submission
rdr pass on em0 proto tcp from any to em0 port 110 -> 192.168.1.1 port 110 # POP3
rdr pass on em0 proto tcp from any to em0 port 995 -> 192.168.1.1 port 995 # POP3 SSL
# rdr pass on em0 proto tcp from any to em0 port 143 -> 192.168.1.1 port 143 # IMAP
# rdr pass on em0 proto tcp from any to em0 port 993 -> 192.168.1.1 port 993 # IMAP SSL

# NAT
nat on em0 from 192.168.1.0/24 to any -> 188.256.256.256

7. Start/restart pf with command:

Terminal:
# /etc/rc.d/pf restart

8. Edit jail's rc.conf file with command:

Terminal:
# ee /path/to/your/jail/etc/rc.conf

The path to your jail is the one you set when installing the jail with ezjail.

9. You must make some changes in the jail's rc.conf file:

File: rc.conf
# Network settings
defaultrouter="188.256.256.256"
early_late_divider="NETWORKING"
ifconfig_em0="inet 192.168.1.1 netmask 255.255.255.255 alias"
hostname="mail.example.com"

10. Restart the iRedMail jail with the command:

Terminal:
# /usr/local/etc/rc.d/ezjail restart mail.example.com

11. Test the network connection. First you must connect to the jail. Check which jails are installed on your machine with the command:

Terminal:
# jls
JID  IP Address      Hostname                      Path
     2  192.168.1.1     mail.example.com         /home/jails/mail.example.com
     3  192.168.1.3     dupa.com           /home/jails/dupa.com
     6  192.168.1.2     duza-dupa.com                /home/jails/duza-dupa.com

The iRedMail jail has JID 2, so we run the command:

Terminal:
# jexec 2 csh

12. Test the connection from the jail by pinging the host FreeBSD.org and the IP address of this host (in case DNS isn't working) with the commands:

Terminal:
# ping 69.147.83.40

Results:

Terminal:
PING 69.147.83.40 (69.147.83.40): 56 data bytes
64 bytes from 69.147.83.40: icmp_seq=0 ttl=54 time=151.446 ms
64 bytes from 69.147.83.40: icmp_seq=1 ttl=54 time=148.320 ms
64 bytes from 69.147.83.40: icmp_seq=2 ttl=54 time=148.181 ms

--- 69.147.83.40 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 148.181/149.316/151.446/1.507 ms

The network is working. Now we check our DNS with the command:

Terminal:
# ping freebsd.org

Results:

Terminal:
PING freebsd.org (69.147.83.40): 56 data bytes
64 bytes from 69.147.83.40: icmp_seq=0 ttl=54 time=150.721 ms
64 bytes from 69.147.83.40: icmp_seq=1 ttl=54 time=149.631 ms
64 bytes from 69.147.83.40: icmp_seq=2 ttl=54 time=152.862 ms

--- freebsd.org ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 149.631/151.071/152.862/1.342 ms

Everything is working. Now we leave the jail with the command:

Terminal:
exit
mail# exit
exit
#

If everything is okay, you can go on to the next chapter; if not, set up your network correctly first.
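
An added example (not part of the original tutorial): a small script that lists which ports the redirects from step 6 actually expose and which jail they land in, which is worth checking on a host that runs several jails. The function names, the verdict labels and the sample rule pointing at 192.168.1.2 are constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of the original tutorial.
# Audits the active rdr rules of a pf.conf like the one in step 6.

# Ports whose protocol starts unencrypted (HTTP, POP3, IMAP). Whether logins
# are protected there depends on the service enforcing HTTPS or STARTTLS.
CLEARTEXT_PORTS="80 110 143"

# Constructed sample: step 6 rules, plus one rule pointing at another jail.
sample_pf_conf() {
    cat <<'EOF'
rdr pass on em0 proto tcp from any to em0 port 80 -> 192.168.1.1 port 80 # Apache
rdr pass on em0 proto tcp from any to em0 port 443 -> 192.168.1.1 port 443 # Apache SSL
rdr pass on em0 proto tcp from any to em0 port 25 -> 192.168.1.1 port 25 # SMTP
rdr pass on em0 proto tcp from any to em0 port 110 -> 192.168.1.1 port 110 # POP3
# rdr pass on em0 proto tcp from any to em0 port 143 -> 192.168.1.1 port 143 # IMAP
rdr pass on em0 proto tcp from any to em0 port 993 -> 192.168.1.2 port 993 # IMAP SSL
nat on em0 from 192.168.1.0/24 to any -> 188.256.256.256
EOF
}

# audit_rdr <pf.conf> <jail-ip>
# Prints "<port> <target> <verdict>" for every rule that is not commented out.
audit_rdr() {
    awk -v jail="$2" -v clear="$CLEARTEXT_PORTS" '
        BEGIN { n = split(clear, c, " "); for (i = 1; i <= n; i++) ct[c[i]] = 1 }
        { sub(/#.*/, "") }                  # drop comments and disabled rules
        $1 == "rdr" {
            port = ""; target = ""
            for (i = 1; i < NF; i++) {
                if ($i == "port" && port == "") port = $(i + 1)
                if ($i == "->") target = $(i + 1)
            }
            if (port == "" || target == "") next
            verdict = "ok"
            if (port in ct) verdict = "cleartext"
            if (target != jail) verdict = "wrong-target"
            print port, target, verdict
        }' "$1"
}

conf=$(mktemp /tmp/pf.conf.XXXXXX)
sample_pf_conf > "$conf"
audit_rdr "$conf" 192.168.1.1
rm -f "$conf"
```

On a real host, call `audit_rdr /etc/pf.conf 192.168.1.1` and review every line that is not `ok`.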

Chapter 2: Installing iRedMail in jail

1. List the jails and enter the correct one with the commands:

Terminal:
# jls

JID  IP Address      Hostname                      Path
2  192.168.1.1     mail.example.com         /home/jails/mail.example.com
3  192.168.1.3     dupa.com           /home/jails/dupa.com
6  192.168.1.2     duza-dupa.com                /home/jails/duza-dupa.com

The iRedMail jail has JID 2, so we run the command:

Terminal:
# jexec 2 csh
mail#

2. Install bash shell with command:

Terminal:
# cd /usr/ports/shells/bash && make install clean

Run bash with command:

Terminal:
# /usr/local/bin/bash

3. Download and unpack iRedMail (use the link to the current stable version) with the commands:

Terminal:
# cd /root
# fetch http://iredmail.googlecode.com/files/iRedMail-0.6.1.tar.bz2
# tar xjvf iRedMail-0.6.1.tar.bz2

4. Start installation script, with command:

Terminal:
# cd iRedMail-0.6.1/pkgs/
# bash get_all.sh
# cd ..
# bash iRedMail.sh

5. Configure and install iRedMail following the tutorial: http://code.google.com/p/iredmail/wiki/Installation_on_FreeBSD

I had some errors compiling postfix26 on FreeBSD 8.1:

Terminal:
[src/util]
cc -DDEF_CONFIG_DIR=\"/usr/local/etc/postfix\" -DDEF_DAEMON_DIR=\"/usr/local/libexec/postfix\"
 -DDEF_COMMAND_DIR=\"/usr/local/sbin\" -DDEF_SENDMAIL_PATH=\"/usr/local/sbin/sendmail\"
 -DDEF_NEWALIAS_PATH=\"/usr/local/bin/newaliases\" -DDEF_MAILQ_PATH=\"/usr/local/bin/mailq\"
 -DDEF_MANPAGE_DIR=\"/usr/local/man\" -DDEF_README_DIR=\"/usr/local/share/doc/postfix\"
 -DDEF_HTML_DIR=\"/usr/local/share/doc/postfix\" -DDEF_QUEUE_DIR=\"/var/spool/postfix\"
 -DDEF_DATA_DIR=\"/var/db/postfix\" -DDEF_MAIL_OWNER=\"postfix\" -DDEF_SGID_GROUP=\"maildrop\"
 -DHAS_PCRE -I/usr/local/include -DUSE_SASL_AUTH -DDEF_SERVER_SASL_TYPE=\"dovecot\" -DUSE_TLS
 -I/usr/include -I/usr/local/include/db46 -DHAS_MYSQL -I/usr/local/include/mysql -DHAS_LDAP
 -I/usr/local/include -DHAS_CDB -I/usr/local/include NO -O2 -fno-strict-aliasing -pipe -DLDAP_DEPRECATED
 -I. -DFREEBSD8 -c alldig.c
cc: NO: No such file or directory
*** Error code 1

Stop in /var/ports/basejail/usr/ports/mail/postfix26/work/postfix-2.6.7/src/util.
*** Error code 1

Stop in /var/ports/basejail/usr/ports/mail/postfix26/work/postfix-2.6.7.
*** Error code 1

Stop in /basejail/usr/ports/mail/postfix26.
*** Error code 1

Stop in /basejail/usr/ports/mail/postfix26.

But it's easy to fix; run the command:

Terminal:
# cd /usr/ports/mail/postfix26 && make clean && make install clean
- ===>  Installing for postfix-2.6.7,1
===>   postfix-2.6.7,1 depends on executable: dovecot - found
===>   postfix-2.6.7,1 depends on shared library: pcre.0 - found
===>   postfix-2.6.7,1 depends on shared library: ldap-2.4.7 - found
===>   postfix-2.6.7,1 depends on shared library: mysqlclient.15 - found
===>   postfix-2.6.7,1 depends on shared library: db-4.6.0 - found
===>   Generating temporary packing list
===>  Checking if mail/postfix26 already installed
Added group "postfix".
Added group "maildrop".
Added user "postfix".
You need user "postfix" added to group "mail".
Would you like me to add it [y]?

Press the "y" key and wait for the next question:

Terminal:
- install  -o root -g wheel -m 555 /var/ports/basejail/usr/ports/mail/postfix26/work/postfix-2.6.7/auxiliary/rmail/rmail /usr/local/bin/rmail
install  -o root -g wheel -m 555 /var/ports/basejail/usr/ports/mail/postfix26/work/postfix-2.6.7/auxiliary/qshape/qshape.pl /usr/local/bin/qshape
install  -o root -g wheel -m 444 /var/ports/basejail/usr/ports/mail/postfix26/work/postfix-2.6.7/man/man1/qshape.1 /usr/local/man/man1
Would you like to activate Postfix in /etc/mail/mailer.conf [n]?

Press the "y" key and wait for the postfix installation to finish. The next step is to edit the .iRedMail.installation.status file with the command:

Terminal:
# ee /root/iRedMail-0.6.1/.iRedMail.installation.status

Add the line below at the end of the file:

File: .iRedMail.installation.status
export status_install_port_mailpostfix26='DONE'

Start the installation script again:

Terminal:
# bash /root/iRedMail-0.6.1/iRedMail.sh

6. When the installation is finished, don't start postfix:

Terminal:
*************************************************************************
* iRedMail-0.6.1 installation and configuration complete.
*************************************************************************

< Question > Would you like to start postfix now? [y|N]

Press the "n" key.

7. Edit apache22/Includes/phpmyadmin.conf file with command:

Terminal:
# ee /usr/local/apache22/Includes/phpmyadmin.conf

Uncomment the lines:

File: phpmyadmin.conf
Alias /phpmyadmin "/usr/local/www/phpMyAdmin"
Alias /mysql "/usr/local/www/phpMyAdmin"

8. Start apache22 and mysql-server with commands:

Terminal:
# /usr/local/etc/rc.d/apache22 start
# /usr/local/etc/rc.d/mysql-server start

9. Open phpMyAdmin in web browser with url: http://mail.example.com/mysql and log in.

10. Go to MySQL Permissions (I don't have the English version, so I don't know what it's called) and add IP 192.168.1.1 to user 'vmail'.

11. Edit postfix26/master.cf file with command:

Terminal:
# ee /usr/local/etc/postfix26/master.cf

Change one line to the jail IP:

File: master.cf
   -o mynetworks=192.168.1.1

12. Edit amavisd.conf with command:

Terminal:
# ee /usr/local/etc/amavisd.conf

Add this line:

File: amavisd.conf
@inet_acl = qw( 192.168.1.1 );

13. If you want to use awstats, edit awstats.conf:

Terminal:
# ee /usr/local/etc/apache22/Includes/awstats.conf

You must make some changes to the first lines (the installation script has errors):

File:
# Note: Please refer to /usr/local/etc/apache22/extra/httpd-ssl.conf for SSL/TLS setting.

Alias /awstatsicons /usr/local/www/awstats/icons/
Alias /css /usr/local/www/awstats/css/
Alias /js /usr/local/www/awstats/js/
ScriptAlias /awstats /usr/local/www/awstats/cgi-bin/awstats.pl
<Directory /usr/local/www/awstats/cgi-bin/>
    DirectoryIndex awstats.pl
    Options ExecCGI
    order deny,allow
    allow from all
    #allow from 127.0.0.1

    AuthName "Authorization Required"
    AuthType Basic

Now open http://mail.example.com/awstats in a web browser; it should work.
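
An added example (not part of the original tutorial): after steps 11 and 12, this script lists every address trusted by the `-o mynetworks=` override in master.cf and by `@inet_acl` in amavisd.conf, and marks anything other than the jail IP for review. The function name, the verdict labels and both file fragments are constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of the original tutorial. File contents are constructed.
# Lists every address trusted by the "-o mynetworks=" override in master.cf and
# by @inet_acl in amavisd.conf, and marks anything that is not the jail IP.

# check_jail_acl <master.cf> <amavisd.conf> <jail-ip>
# Prints "<setting> <entry> <ok|review>" for each trusted entry.
check_jail_acl() {
    {
        # master.cf: active (uncommented) "-o mynetworks=a,b" overrides
        sed -n 's/^[^#]*-o[[:space:]]*mynetworks=\([^[:space:]]*\).*/\1/p' "$1" |
            tr ',' '\n' | sed 's/^/mynetworks /'
        # amavisd.conf: @inet_acl = qw( a b );
        sed -n 's/^[[:space:]]*@inet_acl[[:space:]]*=[[:space:]]*qw(\(.*\)).*/\1/p' "$2" |
            tr -s ' \t' '\n\n' | sed '/^$/d; s/^/inet_acl /'
    } | awk -v jail="$3" '{ print $1, $2, ($2 == jail ? "ok" : "review") }'
}

dir=$(mktemp -d /tmp/jailacl.XXXXXX)
# Constructed master.cf fragment: the override still lists a second network.
cat > "$dir/master.cf" <<'EOF'
127.0.0.1:10025 inet n - n - - smtpd
   -o mynetworks=192.168.1.1,127.0.0.0/8
#  -o mynetworks=10.0.0.0/8
EOF
# Constructed amavisd.conf fragment: the ACL also admits the whole /24.
cat > "$dir/amavisd.conf" <<'EOF'
@inet_acl = qw( 192.168.1.1 192.168.1.0/24 );
EOF
check_jail_acl "$dir/master.cf" "$dir/amavisd.conf" 192.168.1.1
rm -rf "$dir"
```

Entries marked `review` are wider than the single jail address used in steps 11 and 12; with several jails sharing 192.168.1.0/24, a /24 entry would let the other jails through as well.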

Chapter 3: Moving iRedMail to jail

First, install iRedMail as described in Chapters 1 and 2. Next, update only what you need.

What must you update?

  • Copy the old vmail dir to the new vmail dir in the jail
  • Check the permissions of the vmail dir (/var/mail for me)
Terminal:
# ls -l /var/vmail/
total 4
drwx------   4 vmail  vmail  512 Nov 12 22:18 sieve
drwx------  10 vmail  vmail  512 Nov  9 16:06 vmail1

If the owner is not vmail:vmail, set it with the command:

Terminal:
# chown -R vmail:vmail /var/vmail
  • Export the tables of the vmail database from the older MySQL and import them into the newer one. If you are changing the vmail dir, run this command in phpMyAdmin:
    • /var/vmail - my new vmail dir
    • /home/vmail - my old vmail dir
Terminal:
mysql> UPDATE mailbox SET storagebasedirectory='/var/vmail' WHERE storagebasedirectory='/home/vmail';